{ "properties": { "displayName": "[Preview]: NIS2", "policyType": "BuiltIn", "description": "The NIS2 Directive enhances the cybersecurity and resilience of critical infrastructure and digital services across the European Union, ensuring a higher level of protection against cyber threats.", "metadata": { "category": "Regulatory Compliance", "version": "1.0.0-preview", "preview": true }, "version": "1.0.0-preview", "policyDefinitionGroups": [ { "name": "NIS2_LT._Logging_and_Threat_Detection_1", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_LT._Logging_and_Threat_Detection_1", "category": "LT. Logging and Threat Detection", "description": "Responsibility for ensuring the security of network and information system lies, to a great extent, with essential and important entities. A culture of risk management, involving risk assessments and the implementation of cybersecurity risk-management measures appropriate to the risks faced, should be promoted and developed.\r\nIn order to avoid imposing a disproportionate financial and administrative burden on essential and important entities, the cybersecurity risk-management measures should be proportionate to the risks posed to the network and information system concerned, taking into account the state-of-the-art of such measures, and, where applicable, relevant European and international standards, as well as the cost for their implementation." }, { "name": "NIS2_IR._Incident_Response_2", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_IR._Incident_Response_2", "category": "IR. Incident Response", "description": "Where essential or important entities become aware of a significant incident, they should be required to submit an early warning without undue delay and in any event within 24 hours. That early warning should be followed by an incident notification. 
The entities concerned should submit an incident notification without undue delay and in any event within 72 hours of becoming aware of the significant incident, with the aim, in particular, of updating information submitted through the early warning and indicating an initial assessment of the significant incident, including its severity and impact, as well as indicators of compromise, where available. A final report should be submitted not later than one month after the incident notification. The early warning should only include the information necessary to make the CSIRT, or where applicable the competent authority, aware of the significant incident and allow the entity concerned to seek assistance, if required. Such early warning, where applicable, should indicate whether the significant incident is suspected of being caused by unlawful or malicious acts, and whether it is likely to have a cross-border impact. Member States should ensure that the obligation to submit that early warning, or the subsequent incident notification, does not divert the notifying entity's resources from activities related to incident handling that should be prioritised, in order to prevent incident reporting obligations from either diverting resources from significant incident response handling or otherwise compromising the entity's efforts in that respect. In the event of an ongoing incident at the time of the submission of the final report, Member States should ensure that entities concerned provide a progress report at that time, and a final report within one month of their handling of the significant incident." }, { "name": "NIS2_BR._Backup_and_Recovery_3", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_BR._Backup_and_Recovery_3", "category": "BR. 
Backup and Recovery", "description": "Directive (EU) 2016/1148 of the European Parliament and the Council (4) aimed to build cybersecurity capabilities across the Union, mitigate threats to network and information systems used to provide essential services in key sectors and ensure the continuity of such services when facing incidents, thus contributing to the Union's security and to the effective functioning of its economy and society." }, { "name": "NIS2_AM._Asset_Management_4", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_AM._Asset_Management_4", "category": "AM. Asset Management", "description": "To further address key supply chain risks and assist essential and important entities operating in sectors covered by this Directive to appropriately manage supply chain and supplier related risks, the Cooperation Group, in cooperation with the Commission and ENISA, and where appropriate after consulting relevant stakeholders including from the industry, should carry out coordinated security risk assessments of critical supply chains, as carried out for 5G networks following Commission Recommendation (EU) 2019/534 (19), with the aim of identifying, per sector, the critical ICT services, ICT systems or ICT products, relevant threats and vulnerabilities. Such coordinated security risk assessments should identify measures, mitigation plans and best practices to counter critical dependencies, potential single points of failure, threats, vulnerabilities and other risks associated with the supply chain and should explore ways to further encourage their wider adoption by essential and important entities. 
Potential non-technical risk factors, such as undue influence by a third country on suppliers and service providers, in particular in the case of alternative models of governance, include concealed vulnerabilities or backdoors and potential systemic supply disruptions, in particular in the case of technological lock-in or provider dependency." }, { "name": "NIS2_PV._Posture_and_Vulnerability_Management_5", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_PV._Posture_and_Vulnerability_Management_5", "category": "PV. Posture and Vulnerability Management", "description": "In that regard, international standards ISO/IEC 30111 and ISO/IEC 29147 provide guidance on vulnerability handling and vulnerability disclosure. Strengthening the coordination between reporting natural and legal persons and manufacturers or providers of ICT products or ICT services is particularly important for the purpose of facilitating the voluntary framework of vulnerability disclosure. Coordinated vulnerability disclosure specifies a structured process through which vulnerabilities are reported to the manufacturer or provider of the potentially vulnerable ICT products or ICT services in a manner allowing it to diagnose and remedy the vulnerability before detailed vulnerability information is disclosed to third parties or to the public. Coordinated vulnerability disclosure should also include coordination between the reporting natural or legal person and the manufacturer or provider of the potentially vulnerable ICT products or ICT services as regards the timing of remediation and publication of vulnerabilities." }, { "name": "NIS2_ES._Endpoint_Security_6", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_ES._Endpoint_Security_6", "category": "ES. 
Endpoint Security", "description": "Entities should evaluate their own cybersecurity capabilities and, where appropriate, pursue the integration of cybersecurity enhancing technologies, such as artificial intelligence. For the purpose of demonstrating compliance with cybersecurity risk-management measures and in the absence of appropriate European cybersecurity certification schemes adopted in accordance with Regulation (EU) 2019/881 of the European Parliament and of the Council (18), Member States should, in consultation with the Cooperation Group and the European Cybersecurity Certification Group, promote the use of relevant European and international standards by essential and important entities or may require entities to use certified ICT products, ICT services and ICT processes." }, { "name": "NIS2_Cybersecurity_training_7", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_Cybersecurity_training_7", "category": "Cybersecurity training", "description": "Essential and important entities should adopt a wide range of basic cyber hygiene practices, such as zero-trust principles, software updates, device configuration, network segmentation, identity and access management or user awareness, organise training for their staff and raise awareness concerning cyber threats, phishing or social engineering techniques. \r\nCyber hygiene policies provide the foundations for protecting network and information system infrastructures, hardware, software and online application security, and business or end-user data upon which entities rely. Cyber hygiene policies comprising a common baseline set of practices, including software and hardware updates, password changes, the management of new installs, the limitation of administrator-level access accounts, and the backing-up of data, enable a proactive framework of preparedness and overall safety and security in the event of incidents or cyber threats. 
ENISA should monitor and analyse Member States' cyber hygiene policies." }, { "name": "NIS2_DP._Data_Protection_8", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_DP._Data_Protection_8", "category": "DP. Data Protection", "description": "In order to safeguard the security of public electronic communications networks and publicly available electronic communications services, the use of encryption technologies, in particular end-to-end encryption as well as data-centric security concepts, such as cartography, segmentation, tagging, access policy and access management, and automated access decisions, should be promoted. Where necessary, the use of encryption, in particular end-to-end encryption should be mandatory for providers of public electronic communications networks or of publicly available electronic communications services in accordance with the principles of security and privacy by default and by design for the purposes of this Directive. The use of end-to-end encryption should be reconciled with the Member States' powers to ensure the protection of their essential security interests and public security, and to allow for the prevention, investigation, detection and prosecution of criminal offences in accordance with Union law. However, this should not weaken end-to-end encryption, which is a critical technology for the effective protection of data and privacy and the security of communications." }, { "name": "NIS2_AM._Asset_Management_9", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_AM._Asset_Management_9", "category": "AM. 
Asset Management", "description": "The cybersecurity risk-management measures should therefore also address the physical and environmental security of network and information systems by including measures to protect such systems from system failures, human error, malicious acts or natural phenomena, in line with European and international standards, such as those included in the ISO/IEC 27000 series. In that regard, essential and important entities should, as part of their cybersecurity risk-management measures, also address human resources security and have in place appropriate access control policies. Those measures should be consistent with Directive (EU) 2022/2557." }, { "name": "NIS2_IM._Identity_Management_10", "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/NIS2_IM._Identity_Management_10", "category": "IM. Identity Management", "description": "The use of multi-factor authentication or continuous authentication solutions, secured voice, video and text communications and secured emergency communication systems within the entity, where appropriate." 
} ], "parameters": { "listOfImageIdToInclude_linux-1": { "type": "Array", "metadata": { "displayName": "Optional: List of virtual machine images that have supported Linux OS to add to scope", "description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'" }, "defaultValue": [] }, "requiredRetentionDays-1": { "type": "String", "metadata": { "displayName": "Required retention (days)", "description": "The required resource logs retention in days if exporting to an Azure Storage account" }, "defaultValue": "365" }, "IncludeArcMachines-1": { "type": "String", "metadata": { "displayName": "Include Arc connected servers", "description": "By selecting this option, you agree to be charged monthly per Arc connected machine.", "portalReview": "true" }, "allowedValues": [ "true", "false" ], "defaultValue": "false" }, "endpointType-1": { "type": "String", "metadata": { "displayName": "Public Endpoint Type", "description": "Public Endpoint Type for which to enforce the access check" }, "allowedValues": [ "Management", "Git", "Gateway Configuration" ], "defaultValue": "Management" }, "listOfApplicableLocations-1": { "type": "Array", "metadata": { "displayName": "Applicable Locations", "description": "The list of locations where the policy should be applied.", "strongType": "location" }, "allowedValues": [ "australiasoutheast", "australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus2euap", "eastus", "eastus2", "francecentral", "japaneast", "koreacentral", "northcentralus", "northeurope", "norwayeast", "southcentralus", "southeastasia", "switzerlandnorth", "uaenorth", "uksouth", "westcentralus", "westeurope", "westus", "westus2" ], "defaultValue": [ "australiasoutheast", "australiaeast", "brazilsouth", "canadacentral", "centralindia", "centralus", "eastasia", "eastus2euap", "eastus", "eastus2", "francecentral", "japaneast", "koreacentral", 
"northcentralus", "northeurope", "norwayeast", "southcentralus", "southeastasia", "switzerlandnorth", "uaenorth", "uksouth", "westcentralus", "westeurope", "westus", "westus2" ] }, "listOfImageIdToInclude_windows-1": { "type": "Array", "metadata": { "displayName": "Optional: List of virtual machine images that have supported Windows OS to add to scope", "description": "Example value: '/subscriptions/<subscriptionId>/resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'" }, "defaultValue": [] } }, "policyDefinitions": [ { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2ef3cc79-733e-48ed-ab6f-7bf439e9b406", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1000 - Access Control Policy And Procedures Requirements", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1", "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9e61da80-0957-4892-b70c-609d5eaafb6b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1490 - Security Planning Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1", "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1571dd40-dafc-4ef4-8f55-16eba27efc7b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1491 - Security Planning Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ad5f307-e045-46f7-8214-5bdb7e973737", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1492 - System Security Plan", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1503 - Information Security Architecture", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d74fdc92-1cb8-4a34-9978-8556425cd14c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1529 - Third-Party Personnel Security", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1", "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1541 - Risk Assessment", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1542 - Risk Assessment", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1", "NIS2_ES._Endpoint_Security_6" ] }, { 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1544 - Risk Assessment", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1545 - Risk Assessment", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/45692294-f074-42bd-ac54-16f1a3c07554", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1559 - System And Services Acquisition Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1", "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e29e0915-5c2f-4d09-8806-048b749ad763", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1560 - System And Services Acquisition Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/854db8ac-6adf-42a0-bef3-b73f764f40b9", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1580 - Information System Documentation", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d61880dc-6e38-4f2a-a30c-3406a98f8220", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1667 - System And Information Integrity Policy And Procedures", "parameters": {}, "groupNames": [ 
"NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1fa50212-51a9-471b-95cf-3a23410ec9e9", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1730 - Information Security Program Plan", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/59a7116d-19fd-49e9-a068-dec4460b97e5", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1731 - Information Security Program Plan", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5fd9ced5-18e8-4c09-91b7-3725680f8ade", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1734 - Information Security Resources", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/66a56404-7b65-4e33-b371-28d069172dd4", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1743 - Risk Management Strategy", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/07458826-9325-4481-abaf-bc9ed043459d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1744 - Risk Management Strategy", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c0b3710-03dc-450a-a56a-77b85e744f0d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1749 - Mission-Business Process Definition", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] 
}, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b4d1c4e-934c-4703-944c-27c82c06bebb", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Diagnostic logs in Azure AI services resources should be enabled", "parameters": {}, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/138ff14d-b687-4faa-a81c-898c91a87fa2", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Resource logs in Azure Databricks Workspaces should be enabled", "parameters": { "requiredRetentionDays": { "value": "[parameters('requiredRetentionDays-1')]" } }, "groupNames": [ "NIS2_LT._Logging_and_Threat_Detection_1" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21de687c-f15e-4e51-bf8d-f35c8619965b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1111 - Response To Audit Processing Failures", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1351 - Incident Response Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1353 - Incident Response Training", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1358 - Incident Response Testing", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] 
}, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1359 - Incident Response Testing - Coordination With Related Plans", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1360 - Incident Handling", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1361 - Incident Handling", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1362 - Incident Handling", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1363 - Incident Handling - Automated Incident Handling Processes", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1364 - Incident Handling - Dynamic Reconfiguration", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1365 - Incident Handling - Continuity Of Operations", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2", "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1366 - Incident Handling - Information Correlation", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1367 - Incident Handling - Insider Threats - Specific Capabilities", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1368 - Incident Handling - Correlation With External Organizations", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1369 - Incident Monitoring", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1370 - Incident Monitoring - Automated Tracking - Data Collection - Analysis", "parameters": {}, "groupNames": [ 
"NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1371 - Incident Reporting", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1372 - Incident Reporting", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1373 - Incident Reporting - Automated Reporting", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1374 - Incident Response Assistance", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1375 - Incident Response Assistance - Automation Support For Availability Of Information - Support", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1376 - Incident Response Assistance - Coordination With External Providers", "parameters": {}, "groupNames": [ 
"NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1378 - Incident Response Plan", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1381 - Incident Response Plan", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fd4a2ac8-868a-4702-a345-6c896c3361ce", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1707 - Security Alerts & Advisories - Automated Alerts And Advisories", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b083a535-a66a-41ec-ba7f-f9498bf67cde", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1711 - Security Functionality Verification", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d5600ed-575a-4723-9ff4-52d694be0a59", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1856 - Privacy Incident Response", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fb845c34-808d-4c17-a0ce-85a530e9164b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1857 - Privacy Incident Response", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Email notification for high severity alerts should be enabled", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Email notification to subscription owner for high severity alerts should be enabled", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Subscriptions should have a contact email address for security issues", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c988dd6-ade4-430f-a608-2a3e5b0a6d38", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Defender for Containers should be enabled", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1840de2-8088-4ea8-b153-b4c723e9cb01", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Azure Kubernetes Service clusters should have Defender profile enabled", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/938c4981-c2c9-4168-9cd6-972b8675f906", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers", "parameters": {}, "groupNames": [ "NIS2_IR._Incident_Response_2" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/f171df5c-921b-41e9-b12b-50801c315475", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1028 - Information Flow Enforcement", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3", "NIS2_DP._Data_Protection_8", "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2f8f6c6-dde4-436b-a79d-bc50e129eb3a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1161 - Continuous Monitoring", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5770f3d6-8c2b-4f6f-bf0e-c8c8fc36d592", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1162 - Continuous Monitoring", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1246 - Contingency Plan", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1253 - Contingency Plan - Resume Essential Missions - Business Functions", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1255 - Contingency Plan - Continue Essential Missions - Business Functions", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1261 - Contingency Plan Testing", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1264 - Contingency Plan Testing - Coordinate With Related Plans", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1267 - Alternate Storage Site", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1281 - Telecommunications Services - Priority Of Service Provisions", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1293 - Information System Backup - Separate Storage For Critical Information", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1294 - Information System Backup - Transfer To Alternate Storage Site", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1295 - Information System Recovery And Reconstitution", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c79fee4-88dd-44ce-bbd4-4de88948c4f8", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1683 - Information System Monitoring", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/16bfdb59-db38-47a5-88a9-2e9371a638cf", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1684 - Information System Monitoring", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a87fc7f-301e-49f3-ba2a-4d74f424fa97", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1687 - Information System Monitoring", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/426c4ac9-ff17-49d0-acd7-a13c157081c0", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1694 - Information System Monitoring - Analyze Communications Traffic Anomalies", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d461dd50-c8fb-4ccb-93bf-61f53b44e54d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1742 - Critical Infrastructure Plan", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "Azure Backup should be enabled for Virtual Machines", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Geo-redundant backup should be enabled for Azure Database for PostgreSQL", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Geo-redundant backup should be enabled for Azure Database for MySQL", "parameters": {}, "groupNames": [ "NIS2_BR._Backup_and_Recovery_3" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1377 - Incident Response Assistance - Coordination With External Providers", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/d922484a-8cfc-4a6b-95a4-77d6a685407f", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1577 - Acquisitions Process - Continuous Monitoring Plan", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1608 - Supply Chain Protection", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/804faf7d-b687-40f7-9f74-79e28adf4205", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1703 - Security Alerts & Advisories", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f82e3639-fa2b-4e06-a786-932d8379b972", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1705 - Security Alerts & Advisories", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4", "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "Management ports of virtual machines should be protected with just-in-time network access control", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4", "NIS2_PV._Posture_and_Vulnerability_Management_5", "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9ac8f8e-ce22-4355-8f04-99b911d6be52", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Guest accounts with read permissions on Azure resources should be removed", "parameters": {}, 
"groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Guest accounts with owner permissions on Azure resources should be removed", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94e1c2ac-cbbe-4cac-a2b5-389c812dee87", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Guest accounts with write permissions on Azure resources should be removed", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1cb4d9c2-f88f-4069-bee0-dba239a57b09", "definitionVersion": "4.*.*-preview", "policyDefinitionReferenceId": "[Preview]: Guest Attestation extension should be installed on supported Windows virtual machines", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/672fe5a1-2fcd-42d7-b85d-902b6e28c6ff", "definitionVersion": "6.*.*-preview", "policyDefinitionReferenceId": "[Preview]: Guest Attestation extension should be installed on supported Linux virtual machines", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_4" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4e26f8c3-4bf3-4191-b8fc-d888805101b7", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1001 - Access Control Policy And Procedures Requirements", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5", "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c17822dc-736f-4eb4-a97d-e6be662ff835", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 
1004 - Account Management", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b626abc-26d4-4e22-9de8-3831818526b1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1005 - Account Management", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8356cfc6-507a-4d20-b818-08038011cd07", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1008 - Account Management", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b26f8610-e615-47c2-abd6-c00b2b0b503a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1009 - Account Management", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/784663a8-1eb0-418a-a98c-24d19bc1bb62", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1010 - Account Management", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7e6a54f3-883f-43d5-87c4-172dfd64a1f5", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1011 - Account Management", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1546 - Vulnerability Scanning", "parameters": {}, "groupNames": [ 
"NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1547 - Vulnerability Scanning", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1548 - Vulnerability Scanning", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1549 - Vulnerability Scanning", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1550 - Vulnerability Scanning", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1551 - Vulnerability Scanning - Update Tool Capability", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1552 - Vulnerability Scanning - Update By Frequency - Prior To New Scan - When 
Identified", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1553 - Vulnerability Scanning - Breadth - Depth Of Coverage", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1558 - Vulnerability Scanning - Correlate Scanning Information", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/45b7b644-5f91-498e-9d89-7402532d3645", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1578 - Acquisitions Process - Functions - Ports - Protocols - Services In Use", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f751cdb7-fbee-406b-969b-815d367cb9b3", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1591 - External Information System Services - Identification Of Functions - Ports - Protocols...", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1606 - Developer Security Testing And Evaluation - Threat And Vulnerability Analyses", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/8fb0966e-be1d-42c3-baca-60df5c0bcc61", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1668 - Flaw Remediation", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f475ee0e-f560-4c9b-876b-04a77460a404", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1706 - Security Alerts & Advisories", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d39620a4-95c6-4d4f-8aa4-83c0c6a2c640", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1818 - Accounting of Disclosures", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c6c43097-8552-4279-8b38-7dcabff781d3", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1819 - Accounting of Disclosures", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6de0be7-9a8a-4b8a-b349-43cf02d22f7c", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "Internet-facing virtual machines should be protected with network security groups", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bb91dfba-c30d-4263-9add-9c2384e659a6", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "Non-internet-facing virtual machines should be protected with network security groups", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Storage accounts should restrict network access using virtual network rules", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Storage accounts should restrict network access", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "All network ports should be restricted on network security groups associated to your virtual machine", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Dependency agent should be enabled for listed virtual machine images", "parameters": { "listOfImageIdToInclude_linux": { "value": "[parameters('listOfImageIdToInclude_linux-1')]" }, "listOfImageIdToInclude_windows": { "value": "[parameters('listOfImageIdToInclude_windows-1')]" } }, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images", "parameters": { "listOfImageIdToInclude_linux": { "value": "[parameters('listOfImageIdToInclude_linux-1')]" }, "listOfImageIdToInclude_windows": { 
"value": "[parameters('listOfImageIdToInclude_windows-1')]" } }, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "Subnets should be associated with a Network Security Group", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2154edb9-244f-4741-9970-660785bccdaa", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "VM Image Builder templates should use private link", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "Management ports should be closed on your virtual machines", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "IP Forwarding on your virtual machine should be disabled", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Web Application Firewall (WAF) should be enabled for Application Gateway", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/037eea7a-bd0a-46c5-9a66-03aea78705d3", "definitionVersion": "3.*.*", "policyDefinitionReferenceId": "Azure AI Services resources should 
restrict network access", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/df73bd95-24da-4a4f-96b9-4e8b94b402bd", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "API Management should disable public network access to the service configuration endpoints", "parameters": { "endpointType": { "value": "[parameters('endpointType-1')]" } }, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13a6c84f-49a5-410a-b5df-5b880c3fe009", "definitionVersion": "1.*.*-preview", "policyDefinitionReferenceId": "[Preview]: Linux virtual machines should use only signed and trusted boot components", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c30f9cd-b84c-49cc-aa2c-9288447cc3b3", "definitionVersion": "2.*.*-preview", "policyDefinitionReferenceId": "[Preview]: vTPM should be enabled on supported virtual machines", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97566dd7-78ae-4997-8b36-1c7bfe0d8121", "definitionVersion": "4.*.*-preview", "policyDefinitionReferenceId": "[Preview]: Secure Boot should be enabled on supported Windows virtual machines", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d26f7642-7545-4e18-9b75-8c9bbdee3a9a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Virtual machines- Guest Configuration extension should be deployed with system-assigned managed identity", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "SQL servers on machines should have vulnerability findings resolved", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc", "definitionVersion": "4.*.*", "policyDefinitionReferenceId": "SQL databases should have vulnerability findings resolved", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f85bf3e0-d513-442e-89c3-1784ad63382b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "System updates should be installed on your machines (powered by Update Center)", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Azure Defender for Azure SQL Database servers should be enabled", "parameters": {}, "groupNames": [ "NIS2_PV._Posture_and_Vulnerability_Management_5" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/01524fa8-4555-48ce-ba5f-c3b8dcef5147", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1142 - Certification- Authorization- Security Assessment Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/beff0acf-7e67-40b2-b1ca-1a0e8205cf1b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1152 - System Interconnections", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1174 - Configuration Management Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f35e02aa-0a55-49f8-8811-8abfa7e6f2c0", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1615 - System And Communications Protection Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6", "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f5a44e7d-77a2-474e-b2e3-4e8c42ba514b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1729 - Information Security Program Plan", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4152937a-1a44-401a-a179-04b44ea15f4c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1733 - Senior Information Security Officer", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e4df5fb7-58e9-41de-9399-f043c7a931f8", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1740 - Information Security Measures Of Performance", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1807 - Governance And Privacy Program", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a28323fe-276d-3787-32d2-cef6395764c4", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Develop audit and accountability policies and procedures", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1282809c-9001-176b-4a81-260a085f4872", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Perform audit for configuration change control", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/333b4ada-4a02-0648-3d4d-d812974f1bb2", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Govern and monitor audit processing activities", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/33602e78-35e3-4f06-17fb-13dd887448e4", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Conduct capacity planning", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Adhere to retention periods defined", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9622aaa9-5c49-40e2-5bf8-660b7cd23deb", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Alert personnel of information spillage", "parameters": {}, "groupNames": [ "NIS2_ES._Endpoint_Security_6" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef080e67-0d1a-4f76-a0c5-fb9b0358485e", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1089 - Security Awareness", 
"parameters": {}, "groupNames": [ "NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2fb740e5-cbc7-4d10-8686-d1bf826652b1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1090 - Security Awareness", "parameters": {}, "groupNames": [ "NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b23bd715-5d1c-4e5c-9759-9cbdf79ded9d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1091 - Security Awareness", "parameters": {}, "groupNames": [ "NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8a29d47b-8604-4667-84ef-90d203fcb305", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1092 - Security Awareness - Insider Threat", "parameters": {}, "groupNames": [ "NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a0bdeeb-15f4-47e8-a1da-9f769f845fdf", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1093 - Role-Based Security Training", "parameters": {}, "groupNames": [ "NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/420c1477-aa43-49d0-bd7e-c4abdd9addff", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1096 - Role-Based Security Training - Practical Exercises", "parameters": {}, "groupNames": [ "NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf3e4836-f19e-47eb-a8cd-c3ca150452c0", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1097 - Role-Based Security Training - Suspicious Communications And Anomalous System Behavior", "parameters": {}, "groupNames": [ 
"NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/84363adb-dde3-411a-9fc1-36b56737f822", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1098 - Security Training Records", "parameters": {}, "groupNames": [ "NIS2_Cybersecurity_training_7" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/53ac8f8e-c2b5-4d44-8a2d-058e9ced9b69", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1029 - Information Flow Enforcement - Security Policy Filters", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8", "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d3531453-b869-4606-9122-29c1cd6e7ed1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1030 - Information Flow Enforcement - Physical - Logical Separation Of Information Flows", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4708723f-e099-4af1-bbf9-b6df7642e444", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1062 - Remote Access - Protection Of Confidentiality - Integrity Using Encryption", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/91c97b44-791e-46e9-bad7-ab7c4949edbb", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1069 - Wireless Access Restrictions - Authentication And Encryption", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2006457a-48b3-4f7b-8d2e-1532287f9929", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1616 - System 
And Communications Protection Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ecf56554-164d-499a-8d00-206b07c27bed", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1622 - Boundary Protection", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74ae9b8e-e7bb-4c9c-992f-c535282f7a2c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1631 - Boundary Protection - Deny By Default - Allow By Exception", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87551b5d-1deb-4d0f-86cc-9dc14cb4bf7e", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1635 - Boundary Protection - Host-Based Protection", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/05a289ce-6a20-4b75-a0f3-dc8601b6acd0", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1640 - Transmission Confidentiality And Integrity", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8", "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity - Cryptographic Or Alternate Physical Protection", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": 
"Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management - Symmetric Keys", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/506814fa-b930-4b10-894e-a45b98c40e1a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1646 - Cryptographic Key Establishment And Management - Asymmetric Keys", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/791cfc15-6974-42a0-9f4c-2d4b82f4a78c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1647 - Use of Cryptography", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8", "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/201d3740-bd16-4baf-b4b8-7cda352228b7", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1650 - Public Key Infrastructure Certificates", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90f01329-a100-43c2-af31-098996135d2b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1657 - Secure Name - Address Resolution Service (Authoritative Source)", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/60171210-6dde-40af-a144-bf2670518bfa", "definitionVersion": "1.*.*", 
"policyDefinitionReferenceId": "Microsoft Managed Control 1663 - Protection Of Information At Rest", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1664 - Protection Of Information At Rest - Cryptographic Protection", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2234feec-08c6-4fc9-af78-df0dcc482efd", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1860 - Privacy Notice", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Transparent Data Encryption on SQL databases should be enabled", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e", "definitionVersion": "4.*.*", "policyDefinitionReferenceId": "Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6", "definitionVersion": "4.*.*", 
"policyDefinitionReferenceId": "Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d", "definitionVersion": "4.*.*", "policyDefinitionReferenceId": "App Service apps should only be accessible over HTTPS", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Audit Windows machines that do not store passwords using reversible encryption", "parameters": { "IncludeArcMachines": { "value": "[parameters('IncludeArcMachines-1')]" } }, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Automation account variables should be encrypted", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab", "definitionVersion": "5.*.*", "policyDefinitionReferenceId": "Function apps should only be accessible over HTTPS", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb", 
"definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Only secure connections to your Azure Cache for Redis should be enabled", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Secure transfer to storage accounts should be enabled", "parameters": {}, "groupNames": [ "NIS2_DP._Data_Protection_8" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a76ca9b0-3f4a-4192-9a38-b25e4f8ae48c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1027 - Access Enforcement", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b93a801-fe25-4574-a60d-cb22acffae00", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1031 - Separation Of Duties", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48540f01-fc11-411a-b160-42807c68896e", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1033 - Separation Of Duties", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c5e54f6-0127-44d0-8b61-f31dc8dd6190", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1067 - Wireless Access Restrictions", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/27a69937-af92-4198-9b86-08d355c7e59a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1074 - Access Control for Portable And Mobile Systems", 
"parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/40a2a83b-74f2-4c02-ae65-f460a5d2792a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1202 - Access Restrictions For Change", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1224 - Information System Component Inventory - Updates During Installations - Removals", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1229 - Information System Component Inventory - No Duplicate Accounting Of Components", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c722e569-cb52-45f3-a643-836547d016e1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1619 - Information In Shared Resources", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74520428-3aa8-449c-938d-93f51940759e", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1739 - Information System Inventory", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Blocked accounts with owner permissions on Azure resources should be removed", 
"parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8d7e1fde-fe26-4b5f-8108-f8e432cbc2be", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Blocked accounts with read and write permissions on Azure resources should be removed", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f", "definitionVersion": "2.*.*", "policyDefinitionReferenceId": "Azure Machine Learning Computes should have local authentication methods disabled", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Service Fabric clusters should only use Azure Active Directory for client authentication", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3aa03346-d8c5-4994-a5bc-7652c2a2aef1", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "API Management subscriptions should not be scoped to all APIs", "parameters": {}, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc47609f-4d9b-4aed-806b-446816cc63a3", "definitionVersion": "1.*.*-preview", "policyDefinitionReferenceId": "[Preview]: ChangeTracking extension should be installed on your Linux Arc machine", "parameters": { "listOfApplicableLocations": { "value": "[parameters('listOfApplicableLocations-1')]" } }, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8893442c-e7cb-4637-bab8-299a5d4ed96a", "definitionVersion": "2.*.*-preview", 
"policyDefinitionReferenceId": "[Preview]: ChangeTracking extension should be installed on your Linux virtual machine", "parameters": { "listOfApplicableLocations": { "value": "[parameters('listOfApplicableLocations-1')]" } }, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71c1e29-9c76-4532-8c4b-cb0573b0014c", "definitionVersion": "2.*.*-preview", "policyDefinitionReferenceId": "[Preview]: ChangeTracking extension should be installed on your Linux virtual machine scale sets", "parameters": { "listOfApplicableLocations": { "value": "[parameters('listOfApplicableLocations-1')]" } }, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7f5e735-d212-4c32-9229-d12bffbc7e00", "definitionVersion": "1.*.*-preview", "policyDefinitionReferenceId": "[Preview]: ChangeTracking extension should be installed on your Windows Arc machine", "parameters": { "listOfApplicableLocations": { "value": "[parameters('listOfApplicableLocations-1')]" } }, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/221aac80-54d8-484b-83d7-24f4feac2ce0", "definitionVersion": "2.*.*-preview", "policyDefinitionReferenceId": "[Preview]: ChangeTracking extension should be installed on your Windows virtual machine", "parameters": { "listOfApplicableLocations": { "value": "[parameters('listOfApplicableLocations-1')]" } }, "groupNames": [ "NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4bb303db-d051-4099-95d2-e3e1428a4d00", "definitionVersion": "2.*.*-preview", "policyDefinitionReferenceId": "[Preview]: ChangeTracking extension should be installed on your Windows virtual machine scale sets", "parameters": { "listOfApplicableLocations": { "value": "[parameters('listOfApplicableLocations-1')]" } }, "groupNames": [ 
"NIS2_AM._Asset_Management_9" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/78255758-6d45-4bf0-a005-7016bc03b13c", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a29b5d9f-4953-4afe-b560-203a6410b6b4", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1059 - Remote Access", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c30690a5-7bf3-467f-b0cd-ef5c7c7449cd", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1176 - Baseline Configuration", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1dc784b5-4895-4d27-9d40-a06b032bd1ee", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1298 - Identification And Authentication Policy And Procedures", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/99deec7d-5526-472e-b07c-3645a792026a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1300 - User Identification And Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6a8e0cc-ac23-468b-abe4-a8a1cc6d7a08", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1301 - User Identification And Authentication - Network Access To Privileged Accounts", "parameters": {}, "groupNames": [ 
"NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09828c65-e323-422b-9774-9d5c646124da", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1302 - User Identification And Authentication - Network Access To Non-Privileged Accounts", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/80ca0a27-918a-4604-af9e-723a27ee51e8", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1303 - User Identification And Authentication - Local Access To Privileged Accounts", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6ca71be3-16cb-4d39-8b50-7f8fd5e2f11b", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1304 - User Identification And Authentication - Local Access To Non-Privileged Accounts", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d9166a8-1722-4b8f-847c-2cf3f2618b3d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1305 - User Identification And Authentication - Group Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cafc6c3c-5fc5-4c5e-a99b-a0ccb1d34eff", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1306 - User Identification And Authentication - Network Access To Privileged Accounts - Replay...", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/84e622c8-4bed-417c-84c6-b2fb0dd73682", 
"definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1307 - User Identification And Authentication - Network Access To Non-Privileged Accounts - Replay...", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/81817e1c-5347-48dd-965a-40159d008229", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1308 - User Identification And Authentication - Remote Access - Separate Device", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f355d62b-39a8-4ba3-abf7-90f71cb3b000", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1309 - User Identification And Authentication - Acceptance Of Piv Credentials", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/450d7ede-823d-4931-a99d-57f6a38807dc", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1310 - Device Identification And Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8877f519-c166-47b7-81b7-8a8eb4ff3775", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1317 - Authenticator Management", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fced5fda-3bdb-4d73-bfea-0e2c80428b66", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1318 - Authenticator Management", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/66f7ae57-5560-4fc5-85c9-659f204e7a42", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1319 - Authenticator Management", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/03188d8f-1ae5-4fe1-974d-2d7d32ef937d", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1327 - Authenticator Management - Password-Based Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f5c66fdc-3d02-4034-9db5-ba57802609de", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1328 - Authenticator Management - Password-Based Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/498f6234-3e20-4b6a-a880-cbd646d973bd", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1329 - Authenticator Management - Password-Based Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f75cedb2-5def-4b31-973e-b69e8c7bd031", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1330 - Authenticator Management - Password-Based Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/068260be-a5e6-4b0a-a430-cd27071c226a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1332 - Authenticator Management - Password-Based Authentication", "parameters": {}, "groupNames": [ 
"NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/382016f3-d4ba-4e15-9716-55077ec4dc2a", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1335 - Authenticator Management - Pki-Based Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/463e5220-3f79-4e24-a63f-343e4096cd22", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1337 - Authenticator Management - In-Person Or Trusted Third-Party Registration", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/367ae386-db7f-4167-b672-984ff86277c0", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1339 - Authenticator Management - Protection Of Authenticators", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34cb7e92-fe4c-4826-b51e-8cd203fa5d35", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1341 - Authenticator Management - Multiple Information System Accounts", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/283a4e29-69d5-4c94-b99e-29acf003c899", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1342 - Authenticator Management - Hardware Token-Based Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea", "definitionVersion": "1.*.*", "policyDefinitionReferenceId": "Microsoft Managed Control 1345 - 
Cryptographic Module Authentication", "parameters": {}, "groupNames": [ "NIS2_IM._Identity_Management_10" ] } ], "versions": [ "1.0.0-PREVIEW" ] }, "id": "/providers/Microsoft.Authorization/policySetDefinitions/32ff9e30-4725-4ca7-ba3a-904a7721ee87", "name": "32ff9e30-4725-4ca7-ba3a-904a7721ee87" }