diff --git a/.travis.yml b/.travis.yml index b70b85af1ec..c5df7d87b5f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -82,10 +82,10 @@ jobs: script: ./scripts/ci/test_ref_doc.sh env: PURPOSE='RefDocVerify' python: 3.6 - - stage: verify - env: PURPOSE='Load extension commands' - script: ./scripts/ci/test_extensions.sh - python: 3.6 + #- stage: verify + # env: PURPOSE='Load extension commands' + # script: ./scripts/ci/test_extensions.sh + # python: 3.6 - stage: publish script: ./scripts/ci/publish.sh python: 3.6 diff --git a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml index b1de2938255..0f451eac2a1 100644 --- a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml +++ b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_default.yaml @@ -1,7 +1,7 @@ interactions: - request: - body: '{"location": "westus", "tags": {"product": "azurecli", "cause": "automation", - "date": "2018-10-22T19:40:54Z"}}' + body: '{"location": "westus", "tags": {"date": "2018-11-27T04:14:39Z", "cause": + "automation", "product": "azurecli"}}' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -9,19 +9,20 @@ interactions: Connection: [keep-alive] Content-Length: ['110'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--location --name --tag] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy000001?api-version=2018-05-01 response: - body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","name":"cli_test_policy000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-10-22T19:40:54Z"},"properties":{"provisioningState":"Succeeded"}}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","name":"cli_test_policy000001","location":"westus","tags":{"date":"2018-11-27T04:14:39Z","cause":"automation","product":"azurecli"},"properties":{"provisioningState":"Succeeded"}}'} headers: cache-control: [no-cache] content-length: ['384'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:56 GMT'] + date: ['Tue, 27 Nov 2018 04:14:42 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -29,13 +30,13 @@ interactions: x-ms-ratelimit-remaining-subscription-writes: ['1199'] status: {code: 201, message: Created} - request: - body: 'b''{"properties": {"mode": "Indexed", "displayName": "test_policy000003", - "description": "desc_for_test_policy_123", "policyRule": {"if": {"not": {"field": - "location", "in": "[parameters(\''allowedLocations\'')]"}}, "then": {"effect": - "deny"}}, "metadata": {"category": "test"}, "parameters": {"allowedLocations": - {"type": "array", "metadata": {"description": "The list of locations that can - be specified when deploying resources", "strongType": "location", "displayName": - "Allowed locations"}}}}}''' + body: 'b''{"properties": {"policyRule": {"if": {"not": {"field": "location", "in": + "[parameters(\''allowedLocations\'')]"}}, "then": {"effect": "deny"}}, "mode": + "Indexed", "description": "desc_for_test_policy_123", "metadata": {"category": + "test"}, "displayName": "test_policy000003", "parameters": {"allowedLocations": + {"type": "array", "metadata": {"displayName": "Allowed locations", "description": + "The list of locations that can be specified when deploying resources", "strongType": + "location"}}}}}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -43,25 +44,26 @@ interactions: Connection: [keep-alive] Content-Length: ['493'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --rules --params --display-name --description --mode --metadata] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['718'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:57 GMT'] + date: ['Tue, 27 Nov 2018 04:14:44 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-subscription-writes: ['1198'] + x-ms-ratelimit-remaining-subscription-writes: ['1199'] status: {code: 201, message: Created} - request: body: null @@ -71,20 +73,21 @@ interactions: CommandName: [policy definition update] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --description --display-name --metadata] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['718'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:57 GMT'] + date: ['Tue, 27 Nov 2018 04:14:44 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -93,13 +96,12 @@ interactions: x-content-type-options: [nosniff] status: {code: 200, message: OK} - request: - body: 'b''{"properties": {"displayName": "test_policy000003_new", "description": - "desc_for_test_policy_123_new", "policyRule": {"if": {"not": {"field": "location", - "in": "[parameters(\''allowedLocations\'')]"}}, "then": {"effect": "deny"}}, - "metadata": {"category": "test2"}, "parameters": {"allowedLocations": {"type": - "Array", "metadata": {"description": "The list of locations that can be specified - when deploying resources", "strongType": "location", "displayName": "Allowed - locations"}}}}}''' + body: 'b''{"properties": {"policyRule": {"if": {"not": {"field": "location", "in": + "[parameters(\''allowedLocations\'')]"}}, "then": {"effect": "deny"}}, "displayName": + "test_policy000003_new", "description": "desc_for_test_policy_123_new", "metadata": + {"category": "test2"}, "parameters": {"allowedLocations": {"type": "Array", + "metadata": {"displayName": "Allowed locations", "description": "The list of + locations that can be specified when deploying resources", "strongType": "location"}}}}}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -107,20 +109,21 @@ interactions: Connection: [keep-alive] Content-Length: ['483'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --description --display-name --metadata] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['710'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:58 GMT'] + date: ['Tue, 27 Nov 2018 04:14:45 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -135,8 +138,8 @@ interactions: CommandName: [policy definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 @@ -148,7 +151,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -162,7 +167,7 @@ interactions: days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit + Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -171,7 +176,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -188,21 +195,36 @@ interactions: that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + Deploy VM extension to audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"Include + this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft + Azure Managed Service Identity, and required content to audit applications + inside Windows VMs must be present.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"WhitelistedApplication","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[Parameters(''installedApplication'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), + ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Audit transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Audit use of classic virtual machines","policyType":"BuiltIn","mode":"All","description":"Use @@ -239,7 +261,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]: Audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This @@ -280,13 +302,17 @@ interactions: is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -308,7 +334,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + it.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"Audit enablement of encryption of Automation account variables","policyType":"BuiltIn","mode":"All","description":"It @@ -324,7 +350,31 @@ interactions: Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Deploy + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"},{"properties":{"displayName":"Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log @@ -372,7 +422,9 @@ interactions: parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"[Preview]: Audit maximum number of owners for a subscription","policyType":"BuiltIn","mode":"All","description":"It @@ -386,13 +438,39 @@ interactions: Audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"[Preview]: + Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"[Preview]: Audit external accounts with write permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Allow + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Preview]: + Audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"This + policy will audit instances of applications running inside Windows virtual + machines, to verify that the application exists.","metadata":{"category":"Guest + Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow resource creation only in India data centers","policyType":"BuiltIn","description":"Allows resource creation in the following locations only: West India, South India, Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"[Preview]: Audit external accounts with read permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -430,7 +508,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + password can be reused.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","description":"This policy enables @@ -446,7 +524,16 @@ interactions: vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"Audit + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list + defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -459,7 +546,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit @@ -473,7 +560,7 @@ interactions: retention (days)","description":"The required diagnostic logs retention in days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"},{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), + transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"},{"properties":{"displayName":"[Preview]: Monitor missing system updates in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Missing security system updates on your servers will be monitored by Azure Security @@ -490,7 +577,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor @@ -582,7 +669,7 @@ interactions: Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"Audit enabling of diagnostic logs for Search service","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -641,6 +728,13 @@ interactions: which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]: + Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security @@ -669,7 +763,7 @@ interactions: Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + with empty passwords is disabled.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions","policyType":"BuiltIn","mode":"Indexed","description":"Include @@ -678,7 +772,7 @@ interactions: the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports @@ -732,407 +826,72 @@ interactions: Monitor SQL vulnerability assessment results in Azure Security Center","policyType":"BuiltIn","mode":"Indexed","description":"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"storage_httpsTrafficOnly","policyType":"Custom","mode":"All","metadata":{"category":"Demo"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","type":"Microsoft.Authorization/policyDefinitions","name":"023217dd-81bb-461f-93ea-8799caac50c7"},{"properties":{"displayName":"test_allowedlocation","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/05bf225f-806e-496d-802c-9d6bc548b0bc","type":"Microsoft.Authorization/policyDefinitions","name":"05bf225f-806e-496d-802c-9d6bc548b0bc"},{"properties":{"displayName":"akif - incident - 85944710","policyType":"Custom","mode":"All","description":"reproing - incident 85944710\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\n","metadata":{"category":"akhe"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af12870bd"},{"properties":{"displayName":"akhe-incident-86226837-v2","policyType":"Custom","mode":"All","description":"second - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af1287abe"},{"properties":{"displayName":"testSandipsh - metric alert policy","policyType":"Custom","mode":"All","description":"test","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"123c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"jilim-incident-86226837-fix","policyType":"Custom","mode":"all","description":"1 - - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallRules"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","type":"Microsoft.Authorization/policyDefinitions","name":"15358dd8-671e-4c96-be33-2b668791418f"},{"properties":{"displayName":"Attempt - service bus","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Insights/logProfiles"},{"anyOf":[{"field":"Microsoft.Insights/logProfiles/serviceBusRuleId","exists":"false"}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","type":"Microsoft.Authorization/policyDefinitions","name":"163c640e-681c-445f-92ba-cd434bd8c11c"},{"properties":{"displayName":"jilim - exists2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.zyx","exists":"false"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc","type":"Microsoft.Authorization/policyDefinitions","name":"17d43473-870f-4bc8-93c6-3961fa1d91cc"},{"properties":{"displayName":"inherit - all tags","policyType":"Custom","mode":"All","metadata":{"category":"tags"},"parameters":{},"policyRule":{"if":{"field":"tags","exists":"false"},"then":{"effect":"append","details":[{"field":"tags","value":"[resourceGroup().tags]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","type":"Microsoft.Authorization/policyDefinitions","name":"1e3c9312-c011-40a3-ac40-3bf3ddc24120"},{"properties":{"displayName":"Allowed - resource group locations","policyType":"Custom","mode":"All","description":"Allowed - resource group locations","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4","type":"Microsoft.Authorization/policyDefinitions","name":"1f20036f-28c3-48f3-9266-05d50fe391f4"},{"properties":{"displayName":"docdb_aliases_test","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","type":"Microsoft.Authorization/policyDefinitions","name":"1f5360b7-fe59-43f7-8af5-825df420d09c"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs","policyType":"Custom","mode":"All","description":"Ovewrites - security rules with IP restrictions at the securityRule level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23"}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","equals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","equals":""}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullRuleName":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"priority":{"type":"int"}},"resources":[{"name":"[parameters(''fullRuleName'')]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-02-01","properties":{"protocol":"*","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","sourcePortRange":"*","destinationPortRange":"[last(parameters(''destinationPortRanges''))]","access":"Allow","direction":"Inbound","priority":"[parameters(''priority'')]"}}]},"parameters":{"fullRuleName":{"value":"[field(''fullName'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"priority":{"value":"[field(''Microsoft.Network/networksecurityGroups/securityRules/priority'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","type":"Microsoft.Authorization/policyDefinitions","name":"20c4afd0-8a77-4433-b8b0-4ad06e4c7111"},{"properties":{"displayName":"Deploy - NSGs on Subnets","policyType":"Custom","mode":"All","description":"Enforce - that all subnets have a Network Security Group. If a subnet does not have - one an NSG with the default Internet Exposed Endpoint restrictions will be - created and associated with it.","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string to apply to all automatically - created network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges must not overlap."}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"false"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","equals":""}]}]},{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","exists":"false"},{"not":{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","notEquals":"null"}}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullResourceName":{"type":"string"},"resourceName":{"type":"string"},"location":{"type":"string"},"nsgPrefix":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"}},"variables":{"nsgName":"[concat(parameters(''nsgPrefix''), - ''-'', parameters(''location''))]","vnetName":"[split(parameters(''fullResourceName''), - ''/'')[0]]","vnetResourceId":"[resourceId(''Microsoft.Network/virtualNetworks'', - variables(''vnetName''))]","getVnetDeploymentName":"[concat(''getVnet-'', - variables(''vnetName''))]","collectSubnetsDeploymentName":"[concat(''collectSubnets-'', - variables(''vnetName''))]","overwriteVnetDeploymentName":"[concat(''overwriteVnet-'', - variables(''vnetName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getVnetDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"vnetProperties":{"type":"object","value":"[reference(variables(''vnetResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"name":"[variables(''nsgName'')]","type":"Microsoft.Network/networkSecurityGroups","apiVersion":"2018-03-01","location":"[parameters(''location'')]","properties":{"securityRules":[{"name":"PortLockdown_ControlledPorts_Restrict","properties":{"description":"Allow - controlled port connections from specific IP ranges (either corpnet or SAW)","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","access":"Allow","priority":3997,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_AllowVnet","properties":{"description":"Allow - controlled port connections from within the VNET","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"VirtualNetwork","destinationAddressPrefix":"*","access":"Allow","priority":3998,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_Deny","properties":{"description":"Deny - any controlled port connections that aren''t explicitly allowed in higher - priority rules","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":3999,"direction":"Inbound"}},{"name":"PortLockdown_AllowAll","properties":{"description":"Allow - all inbound traffic that isn''t explicitly blocked by Port Lockdown restrictions","protocol":"*","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":4000,"direction":"Inbound"}}]}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectSubnetsDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"nsgResourceId":{"value":"[resourceid(''Microsoft.Network/networkSecurityGroups'', - variables(''nsgName''))]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}},{"dependsOn":["[variables(''nsgName'')]"],"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteVnetDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"location":{"value":"[parameters(''location'')]"},"updatedSubnets":{"value":"[reference(variables(''collectSubnetsDeploymentName'')).outputs.updatedSubnets.value]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}}]},"parameters":{"fullResourceName":{"value":"[field(''fullName'')]"},"resourceName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"nsgPrefix":{"value":"[parameters(''nsgPrefix'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288","type":"Microsoft.Authorization/policyDefinitions","name":"210ed8bd-6b07-4d5e-a62c-c34f07293288"},{"properties":{"displayName":"Audit - existence of a tag2","policyType":"Custom","mode":"All","description":"Audits - that a required tag is present on resources","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":null}}},"policyRule":{"if":{"field":"tags","notcontainsKey":"[parameters(''tagName'')]"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","type":"Microsoft.Authorization/policyDefinitions","name":"24813039-7534-408a-9842-eb99f45721b1"},{"properties":{"displayName":"camarvin - oms vm linux parameterized effect","policyType":"Custom","mode":"all","metadata":{},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list","strongType":"omsWorkspace"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Select - Log Analytics workspace from dropdown list","strongType":"omsWorkspace"},"allowedValues":["deployIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), - ''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), - ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","type":"Microsoft.Authorization/policyDefinitions","name":"263f13f4-6b88-4788-bead-34beedde70ce"},{"properties":{"displayName":"akhe-incident-85944710-v2","policyType":"Custom","mode":"all","description":"2nd - attempt on this policy. ","metadata":{"category":"akhe"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","notIn":"[parameters(''allowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd60841400"},{"properties":{"displayName":"akhe-incident-85944710-combined","policyType":"Custom","mode":"all","description":"the - combined policy attempt for both cosmos db cases. ","metadata":{},"parameters":{"locationNames":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","In":"[parameters(''locationNames'')]"}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd6084180f"},{"properties":{"displayName":"storage - ip rules append 2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.ipRules","value":[{"value":"8.8.8.8","action":"Allow"}]}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","type":"Microsoft.Authorization/policyDefinitions","name":"2b2317a7-ab02-47b5-8159-eb7e6227709f"},{"properties":{"displayName":"[demo] - Enforce KeyVault diagnostic log storage","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"[tolower(concat(''cheggkv'', - parameters(''location'')))]"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''cheggremdemo'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d","type":"Microsoft.Authorization/policyDefinitions","name":"332ce4ac-9200-4573-8c66-92b85fc82c8d"},{"properties":{"displayName":"audit_cosmosdb_enableAutomaticFailover","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover","equals":"false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0a0"},{"properties":{"displayName":"audit_cosmosdb_defaultConsistencyLevel","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0b7"},{"properties":{"displayName":"audit_cosmosdb_readLocations","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0bd"},{"properties":{"displayName":"audit_cosmosdb_writeLocations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0ce"},{"properties":{"displayName":"audit_cosmosdb_failoverPolicies","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd160"},{"properties":{"displayName":"jilim - recovery services vaults test","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"vault":{"type":"String","metadata":{"displayName":"Recovery - Services Vault","description":"The Recovery Services Vault.","strongType":"Microsoft.RecoveryServices/vaults"}},"vaults":{"type":"Array","metadata":{"displayName":"Recovery - Services Vaults","description":"The list of Recovery Services Vaults.","strongType":"Microsoft.RecoveryServices/vaults"}}},"policyRule":{"if":{"allOf":[{"field":"location","equals":"[parameters(''vault'')]"},{"field":"location","in":"[parameters(''vaults'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb","type":"Microsoft.Authorization/policyDefinitions","name":"3b2c1b0f-63c5-4943-8578-6d37fbe411bb"},{"properties":{"displayName":"Name - should have prefix and suffix","policyType":"Custom","description":"Name should - have prefix and suffix","parameters":{"prefix":{"type":"String","metadata":{"displayName":"The - prefix","description":"The name prefix"},"allowedValues":[]},"suffix":{"type":"String","metadata":{"displayName":"The - suffix","description":"The name suffix."},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"name","like":"[concat(parameters(''prefix''), - ''*'', parameters(''suffix''))]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007","type":"Microsoft.Authorization/policyDefinitions","name":"3e275e2e-a157-4ade-8f91-43b3ea370007"},{"properties":{"displayName":"Restrict - VM skus","policyType":"Custom","mode":"All","description":"Restricts allowed - VM skus to a predefined regex","parameters":{"allowedSkuTemplate":{"type":"String","metadata":{"displayName":"Allowed - VM sku template","description":"The VM sku template. Supports wildcards via - ''*''"}}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/sku.name","like":"[parameters(''allowedSkuTemplate'')]"},{"field":"type","equals":"Microsoft.Compute/virtualMachines"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e34c8"},{"properties":{"displayName":"Audit - storage account SKU","policyType":"Custom","mode":"All","description":"Audits - the use of storage account SKUs that don''t meet organizational cost policy.","parameters":{"listOfAllowedSkus":{"type":"Array","metadata":{"displayName":"List - of allowed SKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSkus'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e3682"},{"properties":{"displayName":"RobgaDataFactoryTest1","policyType":"Custom","mode":"all","description":"RobgaDataFactoryTest","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataFactory/factories"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/workspaceId","equals":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","type":"Microsoft.Authorization/policyDefinitions","name":"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9"},{"properties":{"displayName":"Enforce - autoUpgrade on VM/VMSS extensions","policyType":"Custom","mode":"All","description":"Denies - any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to - true.","metadata":{},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","notEquals":"true"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","notEquals":"true"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f772"},{"properties":{"displayName":"Append - autoUpgrade to VM extensions","policyType":"Custom","mode":"All","description":"Automatically - enabled autoUpgradeMinorVersion on VM extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f783"},{"properties":{"displayName":"Append - autoUpgrade to VM scale set extensions","policyType":"Custom","mode":"All","description":"Automatically - appends autoUpgradeMinorVersion=true to VMSS extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f7a3"},{"properties":{"displayName":"MSIT - - AppService must use serverFarm","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyOf":[{"field":"Microsoft.Web/sites/serverFarmId","exists":"false"},{"field":"Microsoft.Web/sites/serverFarmId","equals":""}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc12"},{"properties":{"displayName":"MSIT - - AppService serverFarm must have capacity > 1","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/serverFarms"},{"field":"Microsoft.Web/serverFarms/sku.capacity","in":["0","1"]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc23"},{"properties":{"displayName":"rohitbh: - Definition to be deleted.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190","type":"Microsoft.Authorization/policyDefinitions","name":"48ba81c1-0012-4796-8166-c2efb4304190"},{"properties":{"displayName":"Do_Not_Delete","policyType":"Custom","mode":"All","description":"This - policy is used for unit tests. Please do not delete it.","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","type":"Microsoft.Authorization/policyDefinitions","name":"4a0425e4-97bf-4ad0-ab36-145b94083c60"},{"properties":{"displayName":"ICM - 83686598","policyType":"Custom","mode":"All","description":"deny the creation - of storage if supportsHttpsTrafficOnly is false","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","type":"Microsoft.Authorization/policyDefinitions","name":"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175"},{"properties":{"displayName":"detect - ''allow All'' NSG rule","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","type":"Microsoft.Authorization/policyDefinitions","name":"4c915617-16f0-4c62-b021-e66d5409d11d"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers without role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"rohitbh"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332195"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers with role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"Test"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332199"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks without role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks with role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit","details":{"type":"Microsoft.Sql/servers/auditingSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3"},{"properties":{"displayName":"Ensure - auto-created NSG rules exist","policyType":"Custom","mode":"All","description":"Ensures - that security rules created in auto-created PortLockdown NSGs are not tampered - with","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string applied to automatically created - network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"Expected - IP restriction prefixes","description":"The IP ranges incoming traffic will - be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 - or *"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Expected - destination port ranges","description":"Destination port ranges requiring - IP restrictions in the expected security rule"}},"priority":{"type":"String","metadata":{"displayName":"Expected - priority","description":"The priority of the expected security rule."}},"access":{"type":"String","metadata":{"displayName":"Expected - access","description":"The access (allow/deny) of the expected security rule."},"allowedValues":["Allow","Deny"]},"name":{"type":"String","metadata":{"displayName":"Expected - name","description":"The name of the expected security rule."}}},"policyRule":{"if":{"allOf":[{"field":"name","equals":"[concat(parameters(''nsgPrefix''), - ''-'', field(''location''))]"},{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","equals":"[parameters(''priority'')]"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","in":"[parameters(''sourceAddressPrefixes'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":"[parameters(''sourceAddressPrefixes'')]"}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","in":"[parameters(''destinationPortRanges'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"[parameters(''access'')]"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"name":{"type":"string"},"priority":{"type":"string"},"access":{"type":"string"},"nsgName":{"type":"string"}},"variables":{"isSinglePrefix":"[equals(count(parameters(''sourceAddressPrefixes'')), - 1)]","isSinglePortRange":"[equals(count(parameters(''destinationPortRanges'')), - 1)]"},"resources":[{"name":"[concat(parameters(''nsgName''), ''/'', parameters(''name''))]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-03-01","properties":{"description":"Rule - auto-created by Internet Exposed Endpoints protection","protocol":"*","sourcePortRange":"*","destinationPortRange":"[if(variables(''isSinglePortRange''), - first(parameters(''destinationPortRanges'')), '''')]","destinationPortRanges":"[if(not(variables(''isSinglePortRange'')), - parameters(''destinationPortRanges''), json(''[]''))]","sourceAddressPrefix":"[if(variables(''isSinglePrefix''), - first(parameters(''sourceAddressPrefixes'')), '''')]","sourceAddressPrefixes":"[if(not(variables(''isSinglePrefix'')), - parameters(''sourceAddressPrefixes''), json(''[]''))]","destinationAddressPrefix":"*","access":"[parameters(''access'')]","priority":"[int(parameters(''priority''))]","direction":"Inbound"}}]},"parameters":{"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"name":{"value":"[parameters(''name'')]"},"priority":{"value":"[parameters(''priority'')]"},"access":{"value":"[parameters(''access'')]"},"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","type":"Microsoft.Authorization/policyDefinitions","name":"4f283ec4-25a9-46df-bbf2-806ed5a3e115"},{"properties":{"displayName":"rohitbh: - Deploy key vault KV_B if key vault KV_A does not exist.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6","type":"Microsoft.Authorization/policyDefinitions","name":"50e2972e-143c-4edf-9ef6-bee0f84212d6"},{"properties":{"displayName":"GokmenhAuditLocation","policyType":"Custom","mode":"all","description":"Audit - if not west us","metadata":{},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastus"]}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6","type":"Microsoft.Authorization/policyDefinitions","name":"5948d091-78b7-4d3b-a404-cc6a0329b0c6"},{"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Cache/Redis"},{"field":"Microsoft.Cache/Redis/sku.family","equals":"C"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"Whatever*"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"skuFamily":{"type":"string"},"enableNonSslPort":{"type":"string"},"nameField":{"type":"string"}},"resources":[],"outputs":{"skuFamilyOut":{"value":"[parameters(''skuFamily'')]","type":"string"},"enableNonSslPortOut":{"value":"[parameters(''enableNonSslPort'')]","type":"string"},"nameFieldOut":{"value":"[parameters(''nameField'')]","type":"string"}}},"parameters":{"skuFamily":{"value":"[field(''Microsoft.Cache/Redis/sku.family'')]"},"enableNonSslPort":{"value":"[field(''Microsoft.Cache/Redis/enableNonSslPort'')]"},"nameField":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8"},{"properties":{"displayName":"akhe-incident-86226837","policyType":"Custom","mode":"All","description":"reproing - the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","exists":"false"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","exists":" - false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca376"},{"properties":{"displayName":"akhe-incident-86318519","policyType":"Custom","mode":"all","description":"reproing - incident 86318519","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallrules"},{"field":"name","equals":"AllowAllWindowsAzureIps"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca600"},{"properties":{"displayName":"akhe-incident-86230190","policyType":"Custom","mode":"All","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","exists":"true"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","notIn":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca8d6"},{"properties":{"displayName":"Test - storage alias","policyType":"Custom","mode":"all","description":"Test storage - alias","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"httpsOnly":{"type":"string"},"encrypt":{"type":"string"},"accessTier":{"type":"string"},"skuName":{"type":"string"}},"resources":[],"outputs":{"skuNameOut":{"type":"string","value":"[parameters(''skuName'')]"},"accessTierOut":{"type":"string","value":"[parameters(''accessTier'')]"},"httpsOnlyOut":{"type":"String","value":"[parameters(''httpsOnly'')]"},"encryptOut":{"type":"String","value":"[parameters(''encrypt'')]"}}},"parameters":{"httpsOnly":{"value":"[field(''Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly'')]"},"encrypt":{"value":"[field(''Microsoft.Storage/storageAccounts/enableBlobEncryption'')]"},"accessTier":{"value":"[field(''Microsoft.Storage/storageAccounts/accessTier'')]"},"skuName":{"value":"[field(''Microsoft.Storage/storageAccounts/sku.name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","type":"Microsoft.Authorization/policyDefinitions","name":"5fa69139-9a49-464e-90b5-0d243a469138"},{"properties":{"displayName":"testSandipsh - metric alert policy1","policyType":"Custom","mode":"All","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":null}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"],"defaultValue":"3"},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"],"defaultValue":"true"},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"Metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - metric operator."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"The - timeAggregation."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"The window size."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"The evaluation frequency."}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - action group id."}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","like":"[concat(parameters(''alertNamePrefix''), - ''*'')]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(toLower(parameters(''alertNamePrefix'')), - uniqueString(resourceGroup().id))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"6f2c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"testImageId","policyType":"Custom","mode":"All","metadata":{"category":"css"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"field":"Microsoft.Compute/imageId","contains":"resourceGroups/testSandipsh"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","type":"Microsoft.Authorization/policyDefinitions","name":"70dc1e8d-61c9-4089-8bf5-895b227c1298"},{"properties":{"displayName":"Policy - tracked resources SDK tests","policyType":"Custom","mode":"all","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"field":"name","equals":"policyTrackedResources-sdk-tests"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"field":"name","notIn":["policyTrackedResources-sdk-tests-rule1","policyTrackedResources-sdk-tests-rule2"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule1'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2000,"direction":"Outbound"}},{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule2'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2001,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2","type":"Microsoft.Authorization/policyDefinitions","name":"71289c53-22e7-4f31-a6dd-780b532380c2"},{"properties":{"displayName":"Deny - if blob is not encrypted","policyType":"Custom","mode":"All","parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a","type":"Microsoft.Authorization/policyDefinitions","name":"74d5cf40-7293-46a4-a285-7ea971e3719a"},{"properties":{"displayName":"[cstack] - Location restriction","policyType":"Custom","mode":"All","description":"Policy - to force allocations to a set of given locations","metadata":{"category":"cstack"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335","type":"Microsoft.Authorization/policyDefinitions","name":"763dcd1d-a4a9-46a8-8bd3-357c4533a335"},{"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyType":"Custom","mode":"All","description":"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"location","notEquals":"eastus"},{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs/transformations"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","type":"Microsoft.Authorization/policyDefinitions","name":"77429b44-aac1-4417-a53e-6900c07e11ac"},{"properties":{"displayName":"akhe-incident-86230190-v2","policyType":"Custom","mode":"all","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock v2","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","type":"Microsoft.Authorization/policyDefinitions","name":"83daa8ee-7c9a-470c-81a8-5a99ac09d134"},{"properties":{"displayName":"Parameterized - effect (if location != eastus)","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The - policy effect."}}},"policyRule":{"if":{"not":{"field":"location","equals":"eastus"}},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","type":"Microsoft.Authorization/policyDefinitions","name":"885f1dcb-a9c5-4c8c-8996-2702db44a2d2"},{"properties":{"displayName":"jilim - exists","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.xyz","exists":false}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc","type":"Microsoft.Authorization/policyDefinitions","name":"8959fd87-c1dd-4831-9034-a4f876bee1cc"},{"properties":{"displayName":"audit_cosmosdb_ipRangeFilter","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c","type":"Microsoft.Authorization/policyDefinitions","name":"9012b1cd-b045-46c6-a510-6137e06a009c"},{"properties":{"displayName":"chegg: - Remediation powershell test policy","policyType":"Custom","mode":"indexed","description":"This - policy is used in policyinsights powershell testing","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[],"outputs":{"location":{"type":"string","value":"[parameters(''location'')]"}}},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","type":"Microsoft.Authorization/policyDefinitions","name":"9934be7a-0e18-454d-a738-a1d9bcb0c202"},{"properties":{"displayName":"akhe - - Subscription Lvl test","policyType":"Custom","mode":"All","description":"Subscriptionlevel - auditIfNotExist policy","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/subscriptions/write"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de","type":"Microsoft.Authorization/policyDefinitions","name":"a1b067c8-2970-4c0b-b0da-31ae7f33d1de"},{"properties":{"displayName":"[cstack] - Noop","policyType":"Custom","mode":"All","description":"Don''t do anything","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","in":["yabba","dabba","doo"]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6","type":"Microsoft.Authorization/policyDefinitions","name":"a309ad64-0bae-48d9-a6b1-d99c0b4218b6"},{"properties":{"displayName":"HTTPS - For Web Apps","policyType":"Custom","mode":"all","description":"CSS","metadata":{"category":"WebApps"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyof":[{"not":{"field":"Microsoft.Web/sites/httpsOnly","exists":"true"}},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378","type":"Microsoft.Authorization/policyDefinitions","name":"a337c781-c7d8-4e12-ae69-1951c7e74378"},{"properties":{"displayName":"Ensure - https traffic only for storage account","policyType":"Custom","mode":"all","description":"Ensure - https traffic only for storage account","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"true"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4","type":"Microsoft.Authorization/policyDefinitions","name":"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4"},{"properties":{"displayName":"add - subscription name tag","policyType":"Custom","mode":"All","description":"add - subscription name tag","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionname","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionname","value":"[subscription().displayName]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d82a2"},{"properties":{"displayName":"Add - subscription \"id\" tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.id","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.id","value":"[subscription().id]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8339"},{"properties":{"displayName":"add - subscriptionId tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionId","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionId","value":"[subscription().subscriptionId]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8635"},{"properties":{"displayName":"Allowed - Location Indexed","policyType":"Custom","mode":"Indexed","description":"hackathon - policy","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","type":"Microsoft.Authorization/policyDefinitions","name":"Allowed-Locations-Indexed"},{"properties":{"displayName":"Audit - if antiMalware extension does not exist","policyType":"Custom","description":"This - policy audits if the anti malware extension .","policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists","type":"Microsoft.Authorization/policyDefinitions","name":"antiMalwareExtensionExists"},{"properties":{"displayName":"Web - socket must be disabled on App Services","policyType":"Custom","description":"Ensures - web sockets are disabled on App Services.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets","type":"Microsoft.Authorization/policyDefinitions","name":"AppServiceWebSockets"},{"properties":{"displayName":"Azure - Security Center must be enabled","policyType":"Custom","description":"Ensures - Azure Security Center is enabled.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled","type":"Microsoft.Authorization/policyDefinitions","name":"ASCEnabled"},{"properties":{"displayName":"Audit - a tag and it''s value","policyType":"Custom","description":"Audits if a tag - and it''s value doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and it''s value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and it''s value"},{"properties":{"displayName":"Audit a tag and it''s - value","policyType":"Custom","description":"Audits if a tag and it''s value - doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and its value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and its value"},{"properties":{"displayName":"Audit if extension does - not exist","policyType":"Custom","mode":"All","description":"This policy audits - if a required extension doesn''t exist.","parameters":{"publisher":{"type":"String","metadata":{"description":"The - publisher of the extension","displayName":"Extension Publisher"}},"type":{"type":"String","metadata":{"description":"The - type of the extension","displayName":"Extension Type"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"[parameters(''publisher'')]"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"[parameters(''type'')]"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension","type":"Microsoft.Authorization/policyDefinitions","name":"audit-vm-extension"},{"properties":{"displayName":"CanCrudPolicyAssignment - Policy Definition $[Auto Test]","policyType":"Custom","policyRule":{"if":{"source":"action","equals":"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487","type":"Microsoft.Authorization/policyDefinitions","name":"azsmnet6487"},{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"test_policy3ulbefgq5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"},{"properties":{"displayName":"makharchtest","policyType":"Custom","mode":"All","description":"policy","metadata":{"category":""},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f","type":"Microsoft.Authorization/policyDefinitions","name":"b36f6195-0fc5-4a41-bbce-875248400f5f"},{"properties":{"displayName":"NSG - Rules exists test","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol","notLike":"*"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","type":"Microsoft.Authorization/policyDefinitions","name":"bb6a78ae-8737-41e0-9c41-cc777c8c00a0"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","type":"Microsoft.Authorization/policyDefinitions","name":"c0f586f1-abe5-4801-8588-7332e49e60c9"},{"properties":{"displayName":"akhe - resource group auditIfNotExists","policyType":"Custom","mode":"All","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441","type":"Microsoft.Authorization/policyDefinitions","name":"c7b9982d-2f50-4730-935f-5c241982a441"},{"properties":{"displayName":"jilim - allowed resource types","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedTypes":{"type":"Array","metadata":{"displayName":"Allowed - resource types","description":"The list of allowed resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''allowedTypes'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba","type":"Microsoft.Authorization/policyDefinitions","name":"c872f951-1c5d-4c61-89dd-aee2350a11ba"},{"properties":{"displayName":"Audit - location","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","type":"Microsoft.Authorization/policyDefinitions","name":"c8b79b49-a579-4045-984e-1b249ab8b474"},{"properties":{"displayName":"camarvin - empty string","policyType":"Custom","mode":"all","description":"Ensure resource - names meet the like condition for a pattern.","metadata":{},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"namePattern","description":"Pattern - to use for names. Can include wildcard (*)."},"allowedValues":["","one","two"],"defaultValue":""}},"policyRule":{"if":{"not":{"field":"name","equals":"[parameters(''namePattern'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","type":"Microsoft.Authorization/policyDefinitions","name":"camarvin-test-empty-assign"},{"properties":{"displayName":"elpere - append ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"append","details":[{"field":"tags.test","value":"1"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640cf"},{"properties":{"displayName":"elpere - deny on ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"tags.test","equals":"1"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640d7"},{"properties":{"displayName":"Resource - name contains resource group name","policyType":"Custom","mode":"Indexed","description":"Require - resources to contain the resource group''s name","policyRule":{"if":{"field":"name","notContains":"[resourceGroup().name]"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name","type":"Microsoft.Authorization/policyDefinitions","name":"contain-resource-group-name"},{"properties":{"displayName":"akhe-incident-86226837-v3","policyType":"Custom","mode":"all","description":"third - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules"}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5002"},{"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyType":"Custom","mode":"all","description":"deploys - a delete lock for a resource ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/locks","roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["CanNotDelete"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{},"variables":{},"resources":[{"type":"Microsoft.Authorization/locks","apiVersion":"2015-01-01","name":"DeleteLock","properties":{"level":"CanNotDelete","notes":"prevent - deletion"}}],"outputs":{}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5632"},{"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"elperetest"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''elpere'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","type":"Microsoft.Authorization/policyDefinitions","name":"d0d9349d-843c-443a-9f27-5ce84f08c37e"},{"properties":{"displayName":"elpere - deny test","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","type":"Microsoft.Authorization/policyDefinitions","name":"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5"},{"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"hello"},"deployment":{"properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","resources":[],"parameters":{"testSecret":{"type":"string"}},"outputs":{"testSecretOutput":{"type":"string","value":"[parameters(''testSecret'')]"}}},"parameters":{"testSecret":{"reference":{"keyVault":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv"},"secretName":"test"}}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","type":"Microsoft.Authorization/policyDefinitions","name":"d35ce9be-f51b-4d3e-bc7f-dde2936381b0"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs (NSG level)","policyType":"Custom","mode":"All","description":"Overwrites - security rules with IP restrictions at the NSG level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges may overlap."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"anyOf":[{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange","notIn":"[parameters(''destinationPortRanges'')]"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notIn":["*","Internet"]}]}]}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"},"location":{"type":"string"},"destinationPortRanges":{"type":"array"},"sourceAddressPrefixes":{"type":"array"}},"variables":{"getNsgDeploymentName":"[concat(''getNSGContent-'', - parameters(''nsgName''))]","collectorDeploymentName":"[concat(''collectRules-'', - parameters(''nsgName''))]","overwriteNsgDeploymentName":"[concat(''overwriteNsg-'', - parameters(''nsgName''))]","nsgResourceId":"[resourceId(subscription().subscriptionId, - resourceGroup().name, ''Microsoft.Network/networkSecurityGroups'', parameters(''nsgName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getNsgDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"nsgProperties":{"type":"object","value":"[reference(variables(''nsgResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectorDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json","contentVersion":"1.0.0.0"},"parameters":{"nsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"},"portRangesToRestrict":{"value":"[parameters(''destinationPortRanges'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteNsgDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json","contentVersion":"1.0.0.0"},"parameters":{"originalNsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"updatedSecurityRules":{"value":"[reference(variables(''collectorDeploymentName'')).outputs.updatedSecurityRules.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"}}}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086","type":"Microsoft.Authorization/policyDefinitions","name":"d7b13c30-e6aa-47e1-b50a-8e33f152d086"},{"properties":{"displayName":"Audit - storage account SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"Audited - skus","description":"The list of skus.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e90ee"},{"properties":{"displayName":"Audit - virtual machines SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"List - Of Allowed SKUs","description":"The list of allowed locations for resources.","strongType":"vmSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e9170"},{"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"deployIfNotExistsTestsRule","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/deployIfNotExistsTestsRule'')]","properties":{"protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":2000,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","type":"Microsoft.Authorization/policyDefinitions","name":"dbfa9fc0-5202-4001-8759-1aa2387f825b"},{"properties":{"displayName":"allowedOS","policyType":"Custom","mode":"All","metadata":{"category":"test_sandipsh"},"parameters":{"listOfAllowedWindows":{"type":"Array","metadata":{"displayName":"Allowed - Windows VMs","description":"The list of allowed VMs for Windows."}},"listOfAllowedUbuntus":{"type":"Array","metadata":{"displayName":"Allowed - Ubuntu VMs","description":"The list of allowed VMs for Ubuntu."}}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/disks","Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["Canonical"]},{"field":"Microsoft.Compute/imageOffer","in":["UbuntuServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedUbuntus'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedWindows'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","type":"Microsoft.Authorization/policyDefinitions","name":"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091"},{"properties":{"displayName":"jilim - recovery services backup policies","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"policies":{"type":"Array","metadata":{"displayName":"Allowed - Recovery Services backup policies","description":"The list of allowed Recovery - Services backup policies.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"policy":{"type":"String","metadata":{"displayName":"Allowed - Recovery Services backup policy","description":"Allowed Recovery Services - backup policy.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}}},"policyRule":{"if":{"allOf":[{"not":{"field":"location","in":"[parameters(''policies'')]"}},{"not":{"field":"location","equals":"[parameters(''policy'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb","type":"Microsoft.Authorization/policyDefinitions","name":"e3f9a624-b17d-4dc8-9649-65814d3241bb"},{"properties":{"displayName":"defaultValue: - all parameters","policyType":"Custom","mode":"All","metadata":{"category":"defaultValue"},"parameters":{"locations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array)","description":"The list of locations for resources.","strongType":"location"},"defaultValue":["eastus","westus"]},"location":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string)","description":"The location for resources.","strongType":"location"},"defaultValue":"eastus"},"resourceGroups":{"type":"Array","metadata":{"displayName":"Strong - type (array)","description":"The list of resource groups.","strongType":"existingResourceGroups"},"defaultValue":["camarvin"]},"resourceGroup":{"type":"String","metadata":{"displayName":"Strong - type (string)","description":"The resource group.","strongType":"existingResourceGroups"},"defaultValue":"camarvin"},"tags":{"type":"Array","metadata":{"displayName":"Non - strong type (array)","description":"The list of tags."},"defaultValue":[]},"tag":{"type":"String","metadata":{"displayName":"Non - strong type (string)","description":"The tag."},"defaultValue":""},"allowedLocations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array, av)","description":"The list of allowed locations for - resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":["eastus"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string, av)","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":"eastus"},"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Strong - type (array, av)","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Strong - type (string, av)","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":"Standard_LRS"},"allowedTags":{"type":"Array","metadata":{"displayName":"Non - strong type (array, av)","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Non - strong type (string, av)","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":"FirstName"}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''locations'')]"},{"field":"location","equals":"[parameters(''location'')]"},{"field":"location","in":"[parameters(''resourceGroups'')]"},{"field":"location","equals":"[parameters(''resourceGroup'')]"},{"field":"location","in":"[parameters(''tags'')]"},{"field":"location","equals":"[parameters(''tag'')]"},{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","Equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","NotEquals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","type":"Microsoft.Authorization/policyDefinitions","name":"ea1688b3-022e-4add-af39-2fe60689a3b0"},{"properties":{"displayName":"Deny - \"Allow All\" NSG rules","policyType":"Custom","mode":"All","description":"Denies - the creation of sourceAddressPrefix=\"*\", destinationPortRange=\"*\" NSG - security rules","metadata":{"category":"Port Lockdown"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"field":"name","notEquals":"PortLockdown_AllowAll"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","notEquals":"4000"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321","type":"Microsoft.Authorization/policyDefinitions","name":"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","description":"This policy enables - you to audit your location.","parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''listOfAllowedLocations'')]"}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"LocationAuditDefinition"},{"properties":{"policyType":"Custom","parameters":{},"policyRule":{"if":{"field":"location","equals":"northeurope"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","type":"Microsoft.Authorization/policyDefinitions","name":"policy2"},{"properties":{"policyType":"Custom","mode":"All","description":"test - policy","parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","type":"Microsoft.Authorization/policyDefinitions","name":"testSandipsh.draft"},{"properties":{"displayName":"testtest","policyType":"Custom","description":"testtest","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testtest","type":"Microsoft.Authorization/policyDefinitions","name":"testtest"}]}'} + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy5rxcsbgyu","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy5rxcsbgyu"},{"properties":{"displayName":"test_policyvrud2j572","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy6rmvrx2ug","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy6rmvrx2ug"},{"properties":{"displayName":"test_policyeezgnn3tf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy72fpbk6om","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy72fpbk6om"},{"properties":{"displayName":"test_policylzld56g3c","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy75lhjp2qz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy75lhjp2qz"},{"properties":{"displayName":"test_policy4leaozaze","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyafjaspbln","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyafjaspbln"},{"properties":{"displayName":"test_policytz5xijuco","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyaip6dvuui","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyaip6dvuui"},{"properties":{"displayName":"test_policyk2ipvteje","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policycc24wg2ai","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policycc24wg2ai"},{"properties":{"displayName":"test_policynek2j6dvx","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyebyt2or2s","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyebyt2or2s"},{"properties":{"displayName":"test_policyo57mbgttt","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyf4gvztvgz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyf4gvztvgz"},{"properties":{"displayName":"test_policyry7ktdqpn","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyfneqctrjx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyfneqctrjx"},{"properties":{"displayName":"test_policypq5w4fcp5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhavmopeay","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhavmopeay"},{"properties":{"displayName":"test_policyzhxn622hb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhb6kmyq63","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhb6kmyq63"},{"properties":{"displayName":"test_policyzbi2xb6y7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyismcbfzwf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyismcbfzwf"},{"properties":{"displayName":"test_policyyulsilxiw","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjp2hqpyxg","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyjp2hqpyxg"},{"properties":{"displayName":"test_policym7v6bzkep","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyl5e3igsku","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyl5e3igsku"},{"properties":{"displayName":"test_policyr5ivz4uoy","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policylw4dif6k4","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policylw4dif6k4"},{"properties":{"displayName":"test_policyp2yhkolhg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymxx4vzibo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policymxx4vzibo"},{"properties":{"displayName":"test_policyt252aa3in","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyose3kehj3","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyose3kehj3"},{"properties":{"displayName":"test_policyg5g7wrd63","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyqcexugiyb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyqcexugiyb"},{"properties":{"displayName":"test_policy5u5ook2zf","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrs5zxfokx"},{"properties":{"displayName":"test_policyepxuvmnrs","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrtseayuym","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrtseayuym"},{"properties":{"displayName":"test_policyeglfwi2os","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrzih7n7ws","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrzih7n7ws"},{"properties":{"displayName":"test_policyeop2lxcb7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytaxuus2zo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytaxuus2zo"},{"properties":{"displayName":"test_policymichd2ukj","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytrkoh7vio","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytrkoh7vio"},{"properties":{"displayName":"test_policymhqqjyizg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyunv6j3gfp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyunv6j3gfp"},{"properties":{"displayName":"test_policyf2qzg3ba4","policyType":"Custom","description":"desc_for_test_policy_123_new","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv3qavzpbx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv3qavzpbx"},{"properties":{"displayName":"test_policy5koxubsg5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv53qgvql6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv53qgvql6"},{"properties":{"displayName":"test_policy7t2i6ysv7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyvpb2ircbl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyvpb2ircbl"},{"properties":{"displayName":"test_policyif4bjggk7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyyuuoin4oc","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyyuuoin4oc"},{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}]}'} headers: cache-control: [no-cache] - content-length: ['299928'] + content-length: ['237817'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:58 GMT'] + date: ['Tue, 27 Nov 2018 04:14:46 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1148,20 +907,21 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['710'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:00 GMT'] + date: ['Tue, 27 Nov 2018 04:14:47 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1177,20 +937,21 @@ interactions: CommandName: [policy assignment create] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--policy -n --display-name -g --params] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['710'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:00 GMT'] + date: ['Tue, 27 Nov 2018 04:14:48 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1203,7 +964,7 @@ interactions: "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001", "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", - "westus"]}}}, "sku": {"name": "A0", "tier": "Free"}}\\\''\''''' + "westus"]}}}, "sku": {"tier": "Free", "name": "A0"}}\\\''\''''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -1211,8 +972,9 @@ interactions: Connection: [keep-alive] Content-Length: ['508'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--policy -n --display-name -g --params] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2018-03-01 @@ -1222,7 +984,7 @@ interactions: cache-control: [no-cache] content-length: ['834'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:01 GMT'] + date: ['Tue, 27 Nov 2018 04:14:49 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1237,19 +999,20 @@ interactions: CommandName: [network vnet create] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [-g -n --subnet-name] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy000001?api-version=2018-05-01 response: - body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","name":"cli_test_policy000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-10-22T19:40:54Z"},"properties":{"provisioningState":"Succeeded"}}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","name":"cli_test_policy000001","location":"westus","tags":{"date":"2018-11-27T04:14:39Z","cause":"automation","product":"azurecli"},"properties":{"provisioningState":"Succeeded"}}'} headers: cache-control: [no-cache] content-length: ['384'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:07 GMT'] + date: ['Tue, 27 Nov 2018 04:14:50 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1257,9 +1020,9 @@ interactions: x-content-type-options: [nosniff] status: {code: 200, message: OK} - request: - body: 'b''{"location": "westus", "tags": {}, "properties": {"addressSpace": {"addressPrefixes": + body: 'b''{"location": "westus", "properties": {"addressSpace": {"addressPrefixes": ["10.0.0.0/16"]}, "dhcpOptions": {}, "subnets": [{"properties": {"addressPrefix": - "10.0.0.0/24"}, "name": "azurecli-test-policy-subnet000007"}]}}''' + "10.0.0.0/24"}, "name": "azurecli-test-policy-subnet000007"}]}, "tags": {}}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -1267,34 +1030,35 @@ interactions: Connection: [keep-alive] Content-Length: ['238'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 networkmanagementclient/2.2.1 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-g -n --subnet-name] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 networkmanagementclient/2.3.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006?api-version=2018-08-01 response: body: {string: "{\r\n \"name\": \"azurecli-test-policy-vnet000006\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006\",\r\n - \ \"etag\": \"W/\\\"aa22b495-9ddd-4ba8-81c0-14ab46735cf2\\\"\",\r\n \"type\": + \ \"etag\": \"W/\\\"4c1ad18d-f26d-4a55-9443-7e3ae7ee57ad\\\"\",\r\n \"type\": \"Microsoft.Network/virtualNetworks\",\r\n \"location\": \"westus\",\r\n \ \"tags\": {},\r\n \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n - \ \"resourceGuid\": \"64f6af17-06ef-402b-99fb-98a9dd24fbbf\",\r\n \"addressSpace\": + \ \"resourceGuid\": \"60eeafb6-0587-4869-8d1c-c151b3f13e69\",\r\n \"addressSpace\": {\r\n \"addressPrefixes\": [\r\n \"10.0.0.0/16\"\r\n ]\r\n \ },\r\n \"dhcpOptions\": {\r\n \"dnsServers\": []\r\n },\r\n \ \"subnets\": [\r\n {\r\n \"name\": \"azurecli-test-policy-subnet000007\",\r\n \ \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006/subnets/azurecli-test-policy-subnet000007\",\r\n - \ \"etag\": \"W/\\\"aa22b495-9ddd-4ba8-81c0-14ab46735cf2\\\"\",\r\n + \ \"etag\": \"W/\\\"4c1ad18d-f26d-4a55-9443-7e3ae7ee57ad\\\"\",\r\n \ \"properties\": {\r\n \"provisioningState\": \"Updating\",\r\n \ \"addressPrefix\": \"10.0.0.0/24\",\r\n \"delegations\": []\r\n },\r\n \"type\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n \ }\r\n ],\r\n \"virtualNetworkPeerings\": [],\r\n \"enableDdosProtection\": false,\r\n \"enableVmProtection\": false\r\n }\r\n}"} headers: - azure-asyncoperation: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/099e3ab8-bd39-4b5c-ae78-cf456f764490?api-version=2018-08-01'] + azure-asyncoperation: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/16deea8c-3a32-4db1-baf5-475be7ee0c26?api-version=2018-08-01'] cache-control: [no-cache] content-length: ['1493'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:09 GMT'] + date: ['Tue, 27 Nov 2018 04:14:52 GMT'] expires: ['-1'] pragma: [no-cache] server: [Microsoft-HTTPAPI/2.0, Microsoft-HTTPAPI/2.0] @@ -1309,17 +1073,18 @@ interactions: Accept-Encoding: ['gzip, deflate'] CommandName: [network vnet create] Connection: [keep-alive] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 networkmanagementclient/2.2.1 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-g -n --subnet-name] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 networkmanagementclient/2.3.0 Azure-SDK-For-Python AZURECLI/2.0.52] method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/099e3ab8-bd39-4b5c-ae78-cf456f764490?api-version=2018-08-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/16deea8c-3a32-4db1-baf5-475be7ee0c26?api-version=2018-08-01 response: body: {string: "{\r\n \"status\": \"InProgress\"\r\n}"} headers: cache-control: [no-cache] content-length: ['30'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:12 GMT'] + date: ['Tue, 27 Nov 2018 04:14:55 GMT'] expires: ['-1'] pragma: [no-cache] server: [Microsoft-HTTPAPI/2.0, Microsoft-HTTPAPI/2.0] @@ -1335,17 +1100,18 @@ interactions: Accept-Encoding: ['gzip, deflate'] CommandName: [network vnet create] Connection: [keep-alive] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 networkmanagementclient/2.2.1 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-g -n --subnet-name] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 networkmanagementclient/2.3.0 Azure-SDK-For-Python AZURECLI/2.0.52] method: GET - uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/099e3ab8-bd39-4b5c-ae78-cf456f764490?api-version=2018-08-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Network/locations/westus/operations/16deea8c-3a32-4db1-baf5-475be7ee0c26?api-version=2018-08-01 response: body: {string: "{\r\n \"status\": \"Succeeded\"\r\n}"} headers: cache-control: [no-cache] content-length: ['29'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:23 GMT'] + date: ['Tue, 27 Nov 2018 04:15:05 GMT'] expires: ['-1'] pragma: [no-cache] server: [Microsoft-HTTPAPI/2.0, Microsoft-HTTPAPI/2.0] @@ -1361,22 +1127,23 @@ interactions: Accept-Encoding: ['gzip, deflate'] CommandName: [network vnet create] Connection: [keep-alive] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 networkmanagementclient/2.2.1 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-g -n --subnet-name] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 networkmanagementclient/2.3.0 Azure-SDK-For-Python AZURECLI/2.0.52] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006?api-version=2018-08-01 response: body: {string: "{\r\n \"name\": \"azurecli-test-policy-vnet000006\",\r\n \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006\",\r\n - \ \"etag\": \"W/\\\"7dbff510-fb6e-436e-899f-0d432ce8e7dc\\\"\",\r\n \"type\": + \ \"etag\": \"W/\\\"05dfdcd9-11fe-4acc-8ae5-99bb2b1bea2b\\\"\",\r\n \"type\": \"Microsoft.Network/virtualNetworks\",\r\n \"location\": \"westus\",\r\n \ \"tags\": {},\r\n \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n - \ \"resourceGuid\": \"64f6af17-06ef-402b-99fb-98a9dd24fbbf\",\r\n \"addressSpace\": + \ \"resourceGuid\": \"60eeafb6-0587-4869-8d1c-c151b3f13e69\",\r\n \"addressSpace\": {\r\n \"addressPrefixes\": [\r\n \"10.0.0.0/16\"\r\n ]\r\n \ },\r\n \"dhcpOptions\": {\r\n \"dnsServers\": []\r\n },\r\n \ \"subnets\": [\r\n {\r\n \"name\": \"azurecli-test-policy-subnet000007\",\r\n \ \"id\": \"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks/azurecli-test-policy-vnet000006/subnets/azurecli-test-policy-subnet000007\",\r\n - \ \"etag\": \"W/\\\"7dbff510-fb6e-436e-899f-0d432ce8e7dc\\\"\",\r\n + \ \"etag\": \"W/\\\"05dfdcd9-11fe-4acc-8ae5-99bb2b1bea2b\\\"\",\r\n \ \"properties\": {\r\n \"provisioningState\": \"Succeeded\",\r\n \ \"addressPrefix\": \"10.0.0.0/24\",\r\n \"delegations\": []\r\n },\r\n \"type\": \"Microsoft.Network/virtualNetworks/subnets\"\r\n @@ -1386,8 +1153,8 @@ interactions: cache-control: [no-cache] content-length: ['1495'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:24 GMT'] - etag: [W/"7dbff510-fb6e-436e-899f-0d432ce8e7dc"] + date: ['Tue, 27 Nov 2018 04:15:07 GMT'] + etag: [W/"05dfdcd9-11fe-4acc-8ae5-99bb2b1bea2b"] expires: ['-1'] pragma: [no-cache] server: [Microsoft-HTTPAPI/2.0, Microsoft-HTTPAPI/2.0] @@ -1404,20 +1171,21 @@ interactions: CommandName: [policy assignment create] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--policy -n --display-name -g --not-scopes --params --sku] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['710'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:24 GMT'] + date: ['Tue, 27 Nov 2018 04:15:07 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1426,12 +1194,12 @@ interactions: x-content-type-options: [nosniff] status: {code: 200, message: OK} - request: - body: 'b''b\''b\\\''{"properties": {"displayName": "test_assignment000005", "policyDefinitionId": - "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", + body: 'b''b\''b\\\''{"properties": {"displayName": "test_assignment000005", "notScopes": + ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"], + "policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001", - "notScopes": ["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"], "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", - "westus"]}}}, "sku": {"name": "A1", "tier": "Standard"}}\\\''\''''' + "westus"]}}}, "sku": {"tier": "Standard", "name": "A1"}}\\\''\''''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -1439,8 +1207,9 @@ interactions: Connection: [keep-alive] Content-Length: ['717'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--policy -n --display-name -g --not-scopes --params --sku] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2018-03-01 @@ -1450,7 +1219,7 @@ interactions: cache-control: [no-cache] content-length: ['1041'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:24 GMT'] + date: ['Tue, 27 Nov 2018 04:15:08 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1465,8 +1234,9 @@ interactions: CommandName: [policy assignment create] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--policy -n --display-name -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2018-03-01 @@ -1477,7 +1247,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:25 GMT'] + date: ['Tue, 27 Nov 2018 04:15:08 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1491,8 +1261,9 @@ interactions: CommandName: [policy assignment create] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--policy -n --display-name -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2018-03-01 @@ -1504,7 +1275,7 @@ interactions: cache-control: [no-cache] content-length: ['897'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:25 GMT'] + date: ['Tue, 27 Nov 2018 04:15:09 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1516,7 +1287,7 @@ interactions: body: 'b''b\''{"properties": {"displayName": "test_assignment000005", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d", "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001"}, - "sku": {"name": "A0", "tier": "Free"}}\''''' + "sku": {"tier": "Free", "name": "A0"}}\''''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -1524,8 +1295,9 @@ interactions: Connection: [keep-alive] Content-Length: ['364'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--policy -n --display-name -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008?api-version=2018-03-01 @@ -1535,7 +1307,7 @@ interactions: cache-control: [no-cache] content-length: ['697'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:27 GMT'] + date: ['Tue, 27 Nov 2018 04:15:10 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1551,8 +1323,9 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment2000008?api-version=2018-03-01 @@ -1562,7 +1335,7 @@ interactions: cache-control: [no-cache] content-length: ['697'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:28 GMT'] + date: ['Tue, 27 Nov 2018 04:15:11 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1579,135 +1352,18 @@ interactions: CommandName: [policy assignment list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2018-03-01 response: - body: {string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg: - Remediation powershell test policy","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris - Eggert","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309","type":"Microsoft.Authorization/policyAssignments","name":"2deae24764b447c29af7c309"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Attempt - service bus","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/e5c4e1c88be34db1bc8b2046","type":"Microsoft.Authorization/policyAssignments","name":"e5c4e1c88be34db1bc8b2046"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC - Default (subscription: d0610b27-9663-4c05-89f8-5b4be01e86a5)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This - policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security - Center"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/896b553d68384e2a9d8a2f67","type":"Microsoft.Authorization/policyAssignments","name":"896b553d68384e2a9d8a2f67"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testImageId","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a12728ff6d5f4f1f8555f05a","type":"Microsoft.Authorization/policyAssignments","name":"a12728ff6d5f4f1f8555f05a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed - Location Indexed - eastasia","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["centralus"]}},"description":"test - 1","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a63772a0504c4466a7558f76","type":"Microsoft.Authorization/policyAssignments","name":"a63772a0504c4466a7558f76"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Do_not_Delete_Assignment","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["EUS, - WEU"]}},"description":"this is used for testing purpose, do not delete it.","metadata":{"assignedBy":"Sandip - Shahane"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2","type":"Microsoft.Authorization/policyAssignments","name":"b7a1ca2596524e3ab19597f2"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Not - allowed resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"listOfResourceTypesNotAllowed":{"value":["Microsoft.Storage/storageAccounts"]}},"description":"test - ","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{"listOfResourceTypesNotAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/c0e2b84ed8224fe684fb0487","type":"Microsoft.Authorization/policyAssignments","name":"c0e2b84ed8224fe684fb0487"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_sandipsh123","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/fafa9611e2ad4da19e8af8b9","type":"Microsoft.Authorization/policyAssignments","name":"fafa9611e2ad4da19e8af8b9"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testblah3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/testblah3","type":"Microsoft.Authorization/policyAssignments","name":"testblah3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"inherit - all tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/6fb4cdaa7959425791446915","type":"Microsoft.Authorization/policyAssignments","name":"6fb4cdaa7959425791446915"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"camarvin - oms vm linux parameterized effect (with manually modified MI)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"logAnalytics":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/jilimpolicytest/providers/microsoft.operationalinsights/workspaces/jilimpolicyws"},"effect":{"value":"deployIfNotExists"}},"description":"Has - a manually modified Managed Identity with correct permissions\n\nSteps to - add permissions:\n1. Powershell: Get-AzureRmADServicePrincipal -ObjectId 055b8b93-56ec-43d6-8ba0-ede402de7fa0\n2: - Copy the \"DisplayName\" \n\n3. In azure portal: subscriptions => IAM => Add - => Search for \"DisplayName\" \n4. Add \"Log Analytics Contributor\"","metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{"logAnalytics":"/subscriptions/00000000-0000-0000-0000-000000000000","effect":"/subscriptions/00000000-0000-0000-0000-000000000000"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7a29f3e24c224adaa05ace42","type":"Microsoft.Authorization/policyAssignments","name":"7a29f3e24c224adaa05ace42"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"9_11_18 - security center","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInAppServiceMonitoringEffect":{"value":"Audit"},"encryptionOfAutomationAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"useRbacRulesMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubNamespaceMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubMonitoringEffect":{"value":"AuditIfNotExists"}},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7fc35fcaccba4ce6a1dab6b3","type":"Microsoft.Authorization/policyAssignments","name":"7fc35fcaccba4ce6a1dab6b3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","parameters":{"namePattern":{"value":""}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/camarvin-empty","type":"Microsoft.Authorization/policyAssignments","name":"camarvin-empty"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Allowed - resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["Microsoft.AzureActiveDirectory/operations","Microsoft.AzureStack/registrations/customerSubscriptions","Microsoft.Batch/locations/quotas","Microsoft.BatchAI/fileservers","Microsoft.BatchAI/locations/operationstatuses","Microsoft.BatchAI/locations/usages","Microsoft.BatchAI/operations","Microsoft.Billing/BillingPeriods","Microsoft.Cdn/operationresults/profileresults/endpointresults/customdomainresults","Microsoft.Cdn/operations","Microsoft.Cdn/profiles/endpoints","Microsoft.ClassicNetwork/reservedIps","Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies","Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings","Microsoft.Compute/locations/publishers","Microsoft.Compute/operations","Microsoft.ContainerRegistry/registries/regenerateCredentials","Microsoft.ContainerRegistry/registries/webhooks","Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig","Microsoft.DBforPostgreSQL/checkNameAvailability","Microsoft.DBforPostgreSQL/locations","Microsoft.DBforPostgreSQL/locations/azureAsyncOperation","Microsoft.DataMigration/locations/checkNameAvailability","Microsoft.DataMigration/locations/operationStatuses","Microsoft.DataMigration/services","Microsoft.DynamicsLcs/operations","Microsoft.EventGrid/extensionTopics","Microsoft.Network/dnszones"]}},"description":"This - policy ensures that only approves resource types can be deployed.","metadata":{"assignedBy":"Liz - Kim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test/providers/Microsoft.Authorization/policyAssignments/5d78e6eb576241ee898e7450","type":"Microsoft.Authorization/policyAssignments","name":"5d78e6eb576241ee898e7450"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests/providers/Microsoft.Authorization/policyAssignments/18c66454099644de94931534","type":"Microsoft.Authorization/policyAssignments","name":"18c66454099644de94931534"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"robgatest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest/providers/Microsoft.Authorization/policyAssignments/c7509a25e71345a69af498de","type":"Microsoft.Authorization/policyAssignments","name":"c7509a25e71345a69af498de"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Audit - allowed locations","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"allowedLocations":{"value":["koreacentral","koreasouth"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/39ecf6a6f4c84656a087acb9","type":"Microsoft.Authorization/policyAssignments","name":"39ecf6a6f4c84656a087acb9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - Allowed resource types group","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["stackify.retrace/services","Microsoft.DataLakeStore/accounts","Microsoft.DataLakeStore/accounts/firewallRules"]}},"description":"3","metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/46a9fc53b1f8417b9a260977","type":"Microsoft.Authorization/policyAssignments","name":"46a9fc53b1f8417b9a260977"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/a130362e761140cfb54de097","type":"Microsoft.Authorization/policyAssignments","name":"a130362e761140cfb54de097"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh: - Initiative containing some definitions with deployIfNotExists effect","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Rohit - Bhardwaj","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest/providers/Microsoft.Authorization/policyAssignments/a4798059d8b545ca9d3a9bf4","type":"Microsoft.Authorization/policyAssignments","name":"a4798059d8b545ca9d3a9bf4"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"RobgaDataFactoryTest","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS/providers/Microsoft.Authorization/policyAssignments/14c147c3c5e64680ba18065f","type":"Microsoft.Authorization/policyAssignments","name":"14c147c3c5e64680ba18065f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7","parameters":{"listOfAllowedSKUs":{"value":["Standard_LRS"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7/providers/Microsoft.Authorization/policyAssignments/storageAccountSku","type":"Microsoft.Authorization/policyAssignments","name":"storageAccountSku"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83686598","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/10c375d4213549ca943b5507","type":"Microsoft.Authorization/policyAssignments","name":"10c375d4213549ca943b5507"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","description":"aaza"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/147a06ff85c644e1a06bb389","type":"Microsoft.Authorization/policyAssignments","name":"147a06ff85c644e1a06bb389"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny on ''test'' tag","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/22865d87f97b4dfe89a81509","type":"Microsoft.Authorization/policyAssignments","name":"22865d87f97b4dfe89a81509"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"docdb_aliases_test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/2eae45fa1fcd4da1ab3a076a","type":"Microsoft.Authorization/policyAssignments","name":"2eae45fa1fcd4da1ab3a076a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage - ip rules append 2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/3614109c79cb40b5b6aee5be","type":"Microsoft.Authorization/policyAssignments","name":"3614109c79cb40b5b6aee5be"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/44b5ca6aeab545c3aab8e23b","type":"Microsoft.Authorization/policyAssignments","name":"44b5ca6aeab545c3aab8e23b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/45b097d59dd441908f7a3f1f","type":"Microsoft.Authorization/policyAssignments","name":"45b097d59dd441908f7a3f1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/5fc81fe96c7148a2a6677065","type":"Microsoft.Authorization/policyAssignments","name":"5fc81fe96c7148a2a6677065"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"NSG - Rules exists test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/69541cb19f7448f9b016f351","type":"Microsoft.Authorization/policyAssignments","name":"69541cb19f7448f9b016f351"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"description":"asdasd","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/abb5adbb7b394308957c1a77","type":"Microsoft.Authorization/policyAssignments","name":"abb5adbb7b394308957c1a77"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"cosmosdb - new aliases test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/d6e82e15ff484a3bad53adbf","type":"Microsoft.Authorization/policyAssignments","name":"d6e82e15ff484a3bad53adbf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e68b39995d0e4bb8807f71ae","type":"Microsoft.Authorization/policyAssignments","name":"e68b39995d0e4bb8807f71ae"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e9cfe872284b49aeba2f45b7","type":"Microsoft.Authorization/policyAssignments","name":"e9cfe872284b49aeba2f45b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - DeployInNotExistsRunnersWithoutIdentity","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/elpereDeployInNotExistsRunnersWithoutIdentity","type":"Microsoft.Authorization/policyAssignments","name":"elpereDeployInNotExistsRunnersWithoutIdentity"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"allowedOS","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3","notScopes":[],"parameters":{"listOfAllowedWindows":{"value":["2016-Datacenter"]},"listOfAllowedUbuntus":{"value":["16.04 - Lts"]}},"description":"a","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3/providers/Microsoft.Authorization/policyAssignments/ce50243878b84aee93c86e73","type":"Microsoft.Authorization/policyAssignments","name":"ce50243878b84aee93c86e73"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value test","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"2018-07-25T00:53:12Z"},"tagValue":{"value":"2018-07-25T00:53:12.3067173Z - "}},"metadata":{"assignedBy":"Narine Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/400aff512a774d8782cbfb08","type":"Microsoft.Authorization/policyAssignments","name":"400aff512a774d8782cbfb08"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - 2 defaultValue: all parameters","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"tags":{"value":["London","New - York"]},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/46b2dd438ab547eaa10e2bc3","type":"Microsoft.Authorization/policyAssignments","name":"46b2dd438ab547eaa10e2bc3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - Enforce tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"name"},"tagValue":{"value":"value"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/77fec4647f8442e3b7ce96db","type":"Microsoft.Authorization/policyAssignments","name":"77fec4647f8442e3b7ce96db"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - defaultValue: all parameters with overwrites","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus","eastus2","centralus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/78a2dfec07014d659619515d","type":"Microsoft.Authorization/policyAssignments","name":"78a2dfec07014d659619515d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"er"},"tagValue":{"value":"wete"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/beb85152cea0475ba4942c26","type":"Microsoft.Authorization/policyAssignments","name":"beb85152cea0475ba4942c26"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"adding - this to help custmomer for incident 86230190","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/2b3657d96b224ee3a708d815","type":"Microsoft.Authorization/policyAssignments","name":"2b3657d96b224ee3a708d815"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"audits - if a resource doesn''t have a lock","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/4c15b85c96404165be04889e","type":"Microsoft.Authorization/policyAssignments","name":"4c15b85c96404165be04889e"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"reproing - incident 86230190","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/d2101b18c58142acafa06f07","type":"Microsoft.Authorization/policyAssignments","name":"d2101b18c58142acafa06f07"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"t2"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/1227b506064144338d0fd256","type":"Microsoft.Authorization/policyAssignments","name":"1227b506064144338d0fd256"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipsh3"},"alertDescription":{"value":"This - is test 3 policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"This - is a test assignment created using \"testSandipsh metric alert policy3\" policy - definition.","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/123a95223c214e4eaf7b88d9","type":"Microsoft.Authorization/policyAssignments","name":"123a95223c214e4eaf7b88d9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"detect - ''allow All'' NSG rule","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Liz - Kim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/4710061986c740bb92427daf","type":"Microsoft.Authorization/policyAssignments","name":"4710061986c740bb92427daf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/57f3f848f38346ea8614463f","type":"Microsoft.Authorization/policyAssignments","name":"57f3f848f38346ea8614463f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit - existence of a tag2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"env"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/8b3c4695be824259a66370e1","type":"Microsoft.Authorization/policyAssignments","name":"8b3c4695be824259a66370e1"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"[Preview]: - Apply Diagnostic Settings for Network Security Groups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"storagePrefix":{"value":"testSandipsh"},"rgName":{"value":"testSandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{"rgName":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/b72ec05b04624c87b35e5d97","type":"Microsoft.Authorization/policyAssignments","name":"b72ec05b04624c87b35e5d97"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly_testSandipshRG","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/bc650b603c02494bb890837e","type":"Microsoft.Authorization/policyAssignments","name":"bc650b603c02494bb890837e"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy Assignment1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipshPrefix"},"alertDescription":{"value":"this - is dummy alert"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/e2737c4f650a4c569ad6df20","type":"Microsoft.Authorization/policyAssignments","name":"e2737c4f650a4c569ad6df20"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"tag1"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/f45d12be72f4471f84f6b47f","type":"Microsoft.Authorization/policyAssignments","name":"f45d12be72f4471f84f6b47f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testSandipsh.Assignment.draft","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts"},"alertNamePrefix":{"value":"testSandipsh.draft"},"alertDescription":{"value":"This - is test draft policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"test - assignment","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/testSandipsh.Assignment.draft","type":"Microsoft.Authorization/policyAssignments","name":"testSandipsh.Assignment.draft"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"joelpo-Audit - VMs that do not use managed disks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup","notScopes":[],"parameters":{},"description":"test_rg_assignment","metadata":{"assignedBy":"Joel - Pothering","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup/providers/Microsoft.Authorization/policyAssignments/7df9280324ba4f41a41ce08a","type":"Microsoft.Authorization/policyAssignments","name":"7df9280324ba4f41a41ce08a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test - storage alias","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr/providers/Microsoft.Authorization/policyAssignments/a164f0ceb98d474685ecf9ab","type":"Microsoft.Authorization/policyAssignments","name":"a164f0ceb98d474685ecf9ab"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - allowed set","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"LISTOFALLOWEDSKUS_1":{"value":["Basic_A0"]},"LISTOFRESOURCETYPESNOTALLOWED_1":{"value":["Microsoft.Network/networkSecurityGroups","Aspera.Transfers/listCommunicationPreference"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"LISTOFALLOWEDSKUS_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","LISTOFRESOURCETYPESNOTALLOWED_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/8828df941b124d42841bfe69","type":"Microsoft.Authorization/policyAssignments","name":"8828df941b124d42841bfe69"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"jilimpolicytest2 - Allowed locations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"listOfAllowedLocations":{"value":["japanwest","japaneast"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfAllowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/e9860612d8ec4a469f59af06","type":"Microsoft.Authorization/policyAssignments","name":"e9860612d8ec4a469f59af06"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"second - attempt to repro the incident ","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/3f1e5705173546d59712ba1f","type":"Microsoft.Authorization/policyAssignments","name":"3f1e5705173546d59712ba1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/49f23c95c52242f5b9762c0d","type":"Microsoft.Authorization/policyAssignments","name":"49f23c95c52242f5b9762c0d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86226837","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/631306c13e2f42b3abc414b7","type":"Microsoft.Authorization/policyAssignments","name":"631306c13e2f42b3abc414b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86318519","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86318519","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e1e4cc3cbdfb435b9268cd4b","type":"Microsoft.Authorization/policyAssignments","name":"e1e4cc3cbdfb435b9268cd4b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"3rd","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e992cf28e75942d3a66e894d","type":"Microsoft.Authorization/policyAssignments","name":"e992cf28e75942d3a66e894d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-85944710-combined","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710","notScopes":[],"parameters":{"locationNames":{"value":["westus","westus2","West - US"]}},"description":"combined policy.","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710/providers/Microsoft.Authorization/policyAssignments/e67bd210931a420a87f41ad5","type":"Microsoft.Authorization/policyAssignments","name":"e67bd210931a420a87f41ad5"}]}'} + body: {string: '{"value":[{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}]}'} headers: cache-control: [no-cache] - content-length: ['58146'] + content-length: ['1053'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:28 GMT'] + date: ['Tue, 27 Nov 2018 04:15:12 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1723,135 +1379,19 @@ interactions: CommandName: [policy assignment list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--disable-scope-strict-match] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2018-03-01 response: - body: {string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg: - Remediation powershell test policy","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris - Eggert","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309","type":"Microsoft.Authorization/policyAssignments","name":"2deae24764b447c29af7c309"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Attempt - service bus","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/e5c4e1c88be34db1bc8b2046","type":"Microsoft.Authorization/policyAssignments","name":"e5c4e1c88be34db1bc8b2046"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC - Default (subscription: d0610b27-9663-4c05-89f8-5b4be01e86a5)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This - policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security - Center"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/896b553d68384e2a9d8a2f67","type":"Microsoft.Authorization/policyAssignments","name":"896b553d68384e2a9d8a2f67"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testImageId","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a12728ff6d5f4f1f8555f05a","type":"Microsoft.Authorization/policyAssignments","name":"a12728ff6d5f4f1f8555f05a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed - Location Indexed - eastasia","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["centralus"]}},"description":"test - 1","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a63772a0504c4466a7558f76","type":"Microsoft.Authorization/policyAssignments","name":"a63772a0504c4466a7558f76"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Do_not_Delete_Assignment","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["EUS, - WEU"]}},"description":"this is used for testing purpose, do not delete it.","metadata":{"assignedBy":"Sandip - Shahane"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2","type":"Microsoft.Authorization/policyAssignments","name":"b7a1ca2596524e3ab19597f2"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Not - allowed resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"listOfResourceTypesNotAllowed":{"value":["Microsoft.Storage/storageAccounts"]}},"description":"test - ","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{"listOfResourceTypesNotAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/c0e2b84ed8224fe684fb0487","type":"Microsoft.Authorization/policyAssignments","name":"c0e2b84ed8224fe684fb0487"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_sandipsh123","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/fafa9611e2ad4da19e8af8b9","type":"Microsoft.Authorization/policyAssignments","name":"fafa9611e2ad4da19e8af8b9"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testblah3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/testblah3","type":"Microsoft.Authorization/policyAssignments","name":"testblah3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"inherit - all tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/6fb4cdaa7959425791446915","type":"Microsoft.Authorization/policyAssignments","name":"6fb4cdaa7959425791446915"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"camarvin - oms vm linux parameterized effect (with manually modified MI)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"logAnalytics":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/jilimpolicytest/providers/microsoft.operationalinsights/workspaces/jilimpolicyws"},"effect":{"value":"deployIfNotExists"}},"description":"Has - a manually modified Managed Identity with correct permissions\n\nSteps to - add permissions:\n1. Powershell: Get-AzureRmADServicePrincipal -ObjectId 055b8b93-56ec-43d6-8ba0-ede402de7fa0\n2: - Copy the \"DisplayName\" \n\n3. In azure portal: subscriptions => IAM => Add - => Search for \"DisplayName\" \n4. Add \"Log Analytics Contributor\"","metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{"logAnalytics":"/subscriptions/00000000-0000-0000-0000-000000000000","effect":"/subscriptions/00000000-0000-0000-0000-000000000000"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7a29f3e24c224adaa05ace42","type":"Microsoft.Authorization/policyAssignments","name":"7a29f3e24c224adaa05ace42"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"9_11_18 - security center","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInAppServiceMonitoringEffect":{"value":"Audit"},"encryptionOfAutomationAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"useRbacRulesMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubNamespaceMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubMonitoringEffect":{"value":"AuditIfNotExists"}},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7fc35fcaccba4ce6a1dab6b3","type":"Microsoft.Authorization/policyAssignments","name":"7fc35fcaccba4ce6a1dab6b3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","parameters":{"namePattern":{"value":""}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/camarvin-empty","type":"Microsoft.Authorization/policyAssignments","name":"camarvin-empty"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Allowed - resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["Microsoft.AzureActiveDirectory/operations","Microsoft.AzureStack/registrations/customerSubscriptions","Microsoft.Batch/locations/quotas","Microsoft.BatchAI/fileservers","Microsoft.BatchAI/locations/operationstatuses","Microsoft.BatchAI/locations/usages","Microsoft.BatchAI/operations","Microsoft.Billing/BillingPeriods","Microsoft.Cdn/operationresults/profileresults/endpointresults/customdomainresults","Microsoft.Cdn/operations","Microsoft.Cdn/profiles/endpoints","Microsoft.ClassicNetwork/reservedIps","Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies","Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings","Microsoft.Compute/locations/publishers","Microsoft.Compute/operations","Microsoft.ContainerRegistry/registries/regenerateCredentials","Microsoft.ContainerRegistry/registries/webhooks","Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig","Microsoft.DBforPostgreSQL/checkNameAvailability","Microsoft.DBforPostgreSQL/locations","Microsoft.DBforPostgreSQL/locations/azureAsyncOperation","Microsoft.DataMigration/locations/checkNameAvailability","Microsoft.DataMigration/locations/operationStatuses","Microsoft.DataMigration/services","Microsoft.DynamicsLcs/operations","Microsoft.EventGrid/extensionTopics","Microsoft.Network/dnszones"]}},"description":"This - policy ensures that only approves resource types can be deployed.","metadata":{"assignedBy":"Liz - Kim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test/providers/Microsoft.Authorization/policyAssignments/5d78e6eb576241ee898e7450","type":"Microsoft.Authorization/policyAssignments","name":"5d78e6eb576241ee898e7450"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests/providers/Microsoft.Authorization/policyAssignments/18c66454099644de94931534","type":"Microsoft.Authorization/policyAssignments","name":"18c66454099644de94931534"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"robgatest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest/providers/Microsoft.Authorization/policyAssignments/c7509a25e71345a69af498de","type":"Microsoft.Authorization/policyAssignments","name":"c7509a25e71345a69af498de"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Audit - allowed locations","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"allowedLocations":{"value":["koreacentral","koreasouth"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/39ecf6a6f4c84656a087acb9","type":"Microsoft.Authorization/policyAssignments","name":"39ecf6a6f4c84656a087acb9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - Allowed resource types group","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["stackify.retrace/services","Microsoft.DataLakeStore/accounts","Microsoft.DataLakeStore/accounts/firewallRules"]}},"description":"3","metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/46a9fc53b1f8417b9a260977","type":"Microsoft.Authorization/policyAssignments","name":"46a9fc53b1f8417b9a260977"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/a130362e761140cfb54de097","type":"Microsoft.Authorization/policyAssignments","name":"a130362e761140cfb54de097"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh: - Initiative containing some definitions with deployIfNotExists effect","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Rohit - Bhardwaj","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest/providers/Microsoft.Authorization/policyAssignments/a4798059d8b545ca9d3a9bf4","type":"Microsoft.Authorization/policyAssignments","name":"a4798059d8b545ca9d3a9bf4"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"RobgaDataFactoryTest","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS/providers/Microsoft.Authorization/policyAssignments/14c147c3c5e64680ba18065f","type":"Microsoft.Authorization/policyAssignments","name":"14c147c3c5e64680ba18065f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7","parameters":{"listOfAllowedSKUs":{"value":["Standard_LRS"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7/providers/Microsoft.Authorization/policyAssignments/storageAccountSku","type":"Microsoft.Authorization/policyAssignments","name":"storageAccountSku"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83686598","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/10c375d4213549ca943b5507","type":"Microsoft.Authorization/policyAssignments","name":"10c375d4213549ca943b5507"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","description":"aaza"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/147a06ff85c644e1a06bb389","type":"Microsoft.Authorization/policyAssignments","name":"147a06ff85c644e1a06bb389"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny on ''test'' tag","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/22865d87f97b4dfe89a81509","type":"Microsoft.Authorization/policyAssignments","name":"22865d87f97b4dfe89a81509"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"docdb_aliases_test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/2eae45fa1fcd4da1ab3a076a","type":"Microsoft.Authorization/policyAssignments","name":"2eae45fa1fcd4da1ab3a076a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage - ip rules append 2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/3614109c79cb40b5b6aee5be","type":"Microsoft.Authorization/policyAssignments","name":"3614109c79cb40b5b6aee5be"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/44b5ca6aeab545c3aab8e23b","type":"Microsoft.Authorization/policyAssignments","name":"44b5ca6aeab545c3aab8e23b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/45b097d59dd441908f7a3f1f","type":"Microsoft.Authorization/policyAssignments","name":"45b097d59dd441908f7a3f1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/5fc81fe96c7148a2a6677065","type":"Microsoft.Authorization/policyAssignments","name":"5fc81fe96c7148a2a6677065"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"NSG - Rules exists test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/69541cb19f7448f9b016f351","type":"Microsoft.Authorization/policyAssignments","name":"69541cb19f7448f9b016f351"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"description":"asdasd","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/abb5adbb7b394308957c1a77","type":"Microsoft.Authorization/policyAssignments","name":"abb5adbb7b394308957c1a77"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"cosmosdb - new aliases test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/d6e82e15ff484a3bad53adbf","type":"Microsoft.Authorization/policyAssignments","name":"d6e82e15ff484a3bad53adbf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e68b39995d0e4bb8807f71ae","type":"Microsoft.Authorization/policyAssignments","name":"e68b39995d0e4bb8807f71ae"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e9cfe872284b49aeba2f45b7","type":"Microsoft.Authorization/policyAssignments","name":"e9cfe872284b49aeba2f45b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - DeployInNotExistsRunnersWithoutIdentity","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/elpereDeployInNotExistsRunnersWithoutIdentity","type":"Microsoft.Authorization/policyAssignments","name":"elpereDeployInNotExistsRunnersWithoutIdentity"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"allowedOS","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3","notScopes":[],"parameters":{"listOfAllowedWindows":{"value":["2016-Datacenter"]},"listOfAllowedUbuntus":{"value":["16.04 - Lts"]}},"description":"a","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3/providers/Microsoft.Authorization/policyAssignments/ce50243878b84aee93c86e73","type":"Microsoft.Authorization/policyAssignments","name":"ce50243878b84aee93c86e73"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value test","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"2018-07-25T00:53:12Z"},"tagValue":{"value":"2018-07-25T00:53:12.3067173Z - "}},"metadata":{"assignedBy":"Narine Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/400aff512a774d8782cbfb08","type":"Microsoft.Authorization/policyAssignments","name":"400aff512a774d8782cbfb08"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - 2 defaultValue: all parameters","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"tags":{"value":["London","New - York"]},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/46b2dd438ab547eaa10e2bc3","type":"Microsoft.Authorization/policyAssignments","name":"46b2dd438ab547eaa10e2bc3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - Enforce tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"name"},"tagValue":{"value":"value"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/77fec4647f8442e3b7ce96db","type":"Microsoft.Authorization/policyAssignments","name":"77fec4647f8442e3b7ce96db"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - defaultValue: all parameters with overwrites","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus","eastus2","centralus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/78a2dfec07014d659619515d","type":"Microsoft.Authorization/policyAssignments","name":"78a2dfec07014d659619515d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"er"},"tagValue":{"value":"wete"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/beb85152cea0475ba4942c26","type":"Microsoft.Authorization/policyAssignments","name":"beb85152cea0475ba4942c26"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"adding - this to help custmomer for incident 86230190","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/2b3657d96b224ee3a708d815","type":"Microsoft.Authorization/policyAssignments","name":"2b3657d96b224ee3a708d815"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"audits - if a resource doesn''t have a lock","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/4c15b85c96404165be04889e","type":"Microsoft.Authorization/policyAssignments","name":"4c15b85c96404165be04889e"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"reproing - incident 86230190","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/d2101b18c58142acafa06f07","type":"Microsoft.Authorization/policyAssignments","name":"d2101b18c58142acafa06f07"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"t2"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/1227b506064144338d0fd256","type":"Microsoft.Authorization/policyAssignments","name":"1227b506064144338d0fd256"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipsh3"},"alertDescription":{"value":"This - is test 3 policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"This - is a test assignment created using \"testSandipsh metric alert policy3\" policy - definition.","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/123a95223c214e4eaf7b88d9","type":"Microsoft.Authorization/policyAssignments","name":"123a95223c214e4eaf7b88d9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"detect - ''allow All'' NSG rule","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Liz - Kim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/4710061986c740bb92427daf","type":"Microsoft.Authorization/policyAssignments","name":"4710061986c740bb92427daf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/57f3f848f38346ea8614463f","type":"Microsoft.Authorization/policyAssignments","name":"57f3f848f38346ea8614463f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit - existence of a tag2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"env"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/8b3c4695be824259a66370e1","type":"Microsoft.Authorization/policyAssignments","name":"8b3c4695be824259a66370e1"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"[Preview]: - Apply Diagnostic Settings for Network Security Groups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"storagePrefix":{"value":"testSandipsh"},"rgName":{"value":"testSandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{"rgName":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/b72ec05b04624c87b35e5d97","type":"Microsoft.Authorization/policyAssignments","name":"b72ec05b04624c87b35e5d97"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly_testSandipshRG","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/bc650b603c02494bb890837e","type":"Microsoft.Authorization/policyAssignments","name":"bc650b603c02494bb890837e"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy Assignment1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipshPrefix"},"alertDescription":{"value":"this - is dummy alert"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/e2737c4f650a4c569ad6df20","type":"Microsoft.Authorization/policyAssignments","name":"e2737c4f650a4c569ad6df20"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"tag1"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/f45d12be72f4471f84f6b47f","type":"Microsoft.Authorization/policyAssignments","name":"f45d12be72f4471f84f6b47f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testSandipsh.Assignment.draft","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts"},"alertNamePrefix":{"value":"testSandipsh.draft"},"alertDescription":{"value":"This - is test draft policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"test - assignment","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/testSandipsh.Assignment.draft","type":"Microsoft.Authorization/policyAssignments","name":"testSandipsh.Assignment.draft"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"joelpo-Audit - VMs that do not use managed disks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup","notScopes":[],"parameters":{},"description":"test_rg_assignment","metadata":{"assignedBy":"Joel - Pothering","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup/providers/Microsoft.Authorization/policyAssignments/7df9280324ba4f41a41ce08a","type":"Microsoft.Authorization/policyAssignments","name":"7df9280324ba4f41a41ce08a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test - storage alias","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr/providers/Microsoft.Authorization/policyAssignments/a164f0ceb98d474685ecf9ab","type":"Microsoft.Authorization/policyAssignments","name":"a164f0ceb98d474685ecf9ab"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - allowed set","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"LISTOFALLOWEDSKUS_1":{"value":["Basic_A0"]},"LISTOFRESOURCETYPESNOTALLOWED_1":{"value":["Microsoft.Network/networkSecurityGroups","Aspera.Transfers/listCommunicationPreference"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"LISTOFALLOWEDSKUS_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","LISTOFRESOURCETYPESNOTALLOWED_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/8828df941b124d42841bfe69","type":"Microsoft.Authorization/policyAssignments","name":"8828df941b124d42841bfe69"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"jilimpolicytest2 - Allowed locations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"listOfAllowedLocations":{"value":["japanwest","japaneast"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfAllowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/e9860612d8ec4a469f59af06","type":"Microsoft.Authorization/policyAssignments","name":"e9860612d8ec4a469f59af06"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"second - attempt to repro the incident ","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/3f1e5705173546d59712ba1f","type":"Microsoft.Authorization/policyAssignments","name":"3f1e5705173546d59712ba1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/49f23c95c52242f5b9762c0d","type":"Microsoft.Authorization/policyAssignments","name":"49f23c95c52242f5b9762c0d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86226837","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/631306c13e2f42b3abc414b7","type":"Microsoft.Authorization/policyAssignments","name":"631306c13e2f42b3abc414b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86318519","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86318519","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e1e4cc3cbdfb435b9268cd4b","type":"Microsoft.Authorization/policyAssignments","name":"e1e4cc3cbdfb435b9268cd4b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"3rd","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e992cf28e75942d3a66e894d","type":"Microsoft.Authorization/policyAssignments","name":"e992cf28e75942d3a66e894d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-85944710-combined","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710","notScopes":[],"parameters":{"locationNames":{"value":["westus","westus2","West - US"]}},"description":"combined policy.","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710/providers/Microsoft.Authorization/policyAssignments/e67bd210931a420a87f41ad5","type":"Microsoft.Authorization/policyAssignments","name":"e67bd210931a420a87f41ad5"}]}'} + body: {string: '{"value":[{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"test_assignment000005","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001","notScopes":["/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Network/virtualNetworks"],"parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004","type":"Microsoft.Authorization/policyAssignments","name":"azurecli-test-policy-assignment000004"}]}'} headers: cache-control: [no-cache] - content-length: ['58146'] + content-length: ['1053'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:29 GMT'] + date: ['Tue, 27 Nov 2018 04:15:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1868,8 +1408,9 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000004?api-version=2018-03-01 @@ -1879,7 +1420,7 @@ interactions: cache-control: [no-cache] content-length: ['1041'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:30 GMT'] + date: ['Tue, 27 Nov 2018 04:15:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1896,135 +1437,19 @@ interactions: CommandName: [policy assignment list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--disable-scope-strict-match] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2018-03-01 response: - body: {string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg: - Remediation powershell test policy","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris - Eggert","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309","type":"Microsoft.Authorization/policyAssignments","name":"2deae24764b447c29af7c309"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Attempt - service bus","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/e5c4e1c88be34db1bc8b2046","type":"Microsoft.Authorization/policyAssignments","name":"e5c4e1c88be34db1bc8b2046"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC - Default (subscription: d0610b27-9663-4c05-89f8-5b4be01e86a5)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This - policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security - Center"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/896b553d68384e2a9d8a2f67","type":"Microsoft.Authorization/policyAssignments","name":"896b553d68384e2a9d8a2f67"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testImageId","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a12728ff6d5f4f1f8555f05a","type":"Microsoft.Authorization/policyAssignments","name":"a12728ff6d5f4f1f8555f05a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed - Location Indexed - eastasia","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["centralus"]}},"description":"test - 1","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a63772a0504c4466a7558f76","type":"Microsoft.Authorization/policyAssignments","name":"a63772a0504c4466a7558f76"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Do_not_Delete_Assignment","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["EUS, - WEU"]}},"description":"this is used for testing purpose, do not delete it.","metadata":{"assignedBy":"Sandip - Shahane"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2","type":"Microsoft.Authorization/policyAssignments","name":"b7a1ca2596524e3ab19597f2"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Not - allowed resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"listOfResourceTypesNotAllowed":{"value":["Microsoft.Storage/storageAccounts"]}},"description":"test - ","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{"listOfResourceTypesNotAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/c0e2b84ed8224fe684fb0487","type":"Microsoft.Authorization/policyAssignments","name":"c0e2b84ed8224fe684fb0487"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_sandipsh123","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/fafa9611e2ad4da19e8af8b9","type":"Microsoft.Authorization/policyAssignments","name":"fafa9611e2ad4da19e8af8b9"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testblah3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/testblah3","type":"Microsoft.Authorization/policyAssignments","name":"testblah3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"inherit - all tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/6fb4cdaa7959425791446915","type":"Microsoft.Authorization/policyAssignments","name":"6fb4cdaa7959425791446915"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"camarvin - oms vm linux parameterized effect (with manually modified MI)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"logAnalytics":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/jilimpolicytest/providers/microsoft.operationalinsights/workspaces/jilimpolicyws"},"effect":{"value":"deployIfNotExists"}},"description":"Has - a manually modified Managed Identity with correct permissions\n\nSteps to - add permissions:\n1. Powershell: Get-AzureRmADServicePrincipal -ObjectId 055b8b93-56ec-43d6-8ba0-ede402de7fa0\n2: - Copy the \"DisplayName\" \n\n3. In azure portal: subscriptions => IAM => Add - => Search for \"DisplayName\" \n4. Add \"Log Analytics Contributor\"","metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{"logAnalytics":"/subscriptions/00000000-0000-0000-0000-000000000000","effect":"/subscriptions/00000000-0000-0000-0000-000000000000"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7a29f3e24c224adaa05ace42","type":"Microsoft.Authorization/policyAssignments","name":"7a29f3e24c224adaa05ace42"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"9_11_18 - security center","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInAppServiceMonitoringEffect":{"value":"Audit"},"encryptionOfAutomationAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"useRbacRulesMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubNamespaceMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubMonitoringEffect":{"value":"AuditIfNotExists"}},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7fc35fcaccba4ce6a1dab6b3","type":"Microsoft.Authorization/policyAssignments","name":"7fc35fcaccba4ce6a1dab6b3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","parameters":{"namePattern":{"value":""}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/camarvin-empty","type":"Microsoft.Authorization/policyAssignments","name":"camarvin-empty"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Allowed - resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["Microsoft.AzureActiveDirectory/operations","Microsoft.AzureStack/registrations/customerSubscriptions","Microsoft.Batch/locations/quotas","Microsoft.BatchAI/fileservers","Microsoft.BatchAI/locations/operationstatuses","Microsoft.BatchAI/locations/usages","Microsoft.BatchAI/operations","Microsoft.Billing/BillingPeriods","Microsoft.Cdn/operationresults/profileresults/endpointresults/customdomainresults","Microsoft.Cdn/operations","Microsoft.Cdn/profiles/endpoints","Microsoft.ClassicNetwork/reservedIps","Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies","Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings","Microsoft.Compute/locations/publishers","Microsoft.Compute/operations","Microsoft.ContainerRegistry/registries/regenerateCredentials","Microsoft.ContainerRegistry/registries/webhooks","Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig","Microsoft.DBforPostgreSQL/checkNameAvailability","Microsoft.DBforPostgreSQL/locations","Microsoft.DBforPostgreSQL/locations/azureAsyncOperation","Microsoft.DataMigration/locations/checkNameAvailability","Microsoft.DataMigration/locations/operationStatuses","Microsoft.DataMigration/services","Microsoft.DynamicsLcs/operations","Microsoft.EventGrid/extensionTopics","Microsoft.Network/dnszones"]}},"description":"This - policy ensures that only approves resource types can be deployed.","metadata":{"assignedBy":"Liz - Kim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test/providers/Microsoft.Authorization/policyAssignments/5d78e6eb576241ee898e7450","type":"Microsoft.Authorization/policyAssignments","name":"5d78e6eb576241ee898e7450"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests/providers/Microsoft.Authorization/policyAssignments/18c66454099644de94931534","type":"Microsoft.Authorization/policyAssignments","name":"18c66454099644de94931534"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"robgatest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest/providers/Microsoft.Authorization/policyAssignments/c7509a25e71345a69af498de","type":"Microsoft.Authorization/policyAssignments","name":"c7509a25e71345a69af498de"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Audit - allowed locations","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"allowedLocations":{"value":["koreacentral","koreasouth"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/39ecf6a6f4c84656a087acb9","type":"Microsoft.Authorization/policyAssignments","name":"39ecf6a6f4c84656a087acb9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - Allowed resource types group","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["stackify.retrace/services","Microsoft.DataLakeStore/accounts","Microsoft.DataLakeStore/accounts/firewallRules"]}},"description":"3","metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/46a9fc53b1f8417b9a260977","type":"Microsoft.Authorization/policyAssignments","name":"46a9fc53b1f8417b9a260977"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/a130362e761140cfb54de097","type":"Microsoft.Authorization/policyAssignments","name":"a130362e761140cfb54de097"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh: - Initiative containing some definitions with deployIfNotExists effect","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Rohit - Bhardwaj","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest/providers/Microsoft.Authorization/policyAssignments/a4798059d8b545ca9d3a9bf4","type":"Microsoft.Authorization/policyAssignments","name":"a4798059d8b545ca9d3a9bf4"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"RobgaDataFactoryTest","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS/providers/Microsoft.Authorization/policyAssignments/14c147c3c5e64680ba18065f","type":"Microsoft.Authorization/policyAssignments","name":"14c147c3c5e64680ba18065f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7","parameters":{"listOfAllowedSKUs":{"value":["Standard_LRS"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7/providers/Microsoft.Authorization/policyAssignments/storageAccountSku","type":"Microsoft.Authorization/policyAssignments","name":"storageAccountSku"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83686598","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/10c375d4213549ca943b5507","type":"Microsoft.Authorization/policyAssignments","name":"10c375d4213549ca943b5507"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","description":"aaza"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/147a06ff85c644e1a06bb389","type":"Microsoft.Authorization/policyAssignments","name":"147a06ff85c644e1a06bb389"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny on ''test'' tag","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/22865d87f97b4dfe89a81509","type":"Microsoft.Authorization/policyAssignments","name":"22865d87f97b4dfe89a81509"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"docdb_aliases_test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/2eae45fa1fcd4da1ab3a076a","type":"Microsoft.Authorization/policyAssignments","name":"2eae45fa1fcd4da1ab3a076a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage - ip rules append 2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/3614109c79cb40b5b6aee5be","type":"Microsoft.Authorization/policyAssignments","name":"3614109c79cb40b5b6aee5be"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/44b5ca6aeab545c3aab8e23b","type":"Microsoft.Authorization/policyAssignments","name":"44b5ca6aeab545c3aab8e23b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/45b097d59dd441908f7a3f1f","type":"Microsoft.Authorization/policyAssignments","name":"45b097d59dd441908f7a3f1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/5fc81fe96c7148a2a6677065","type":"Microsoft.Authorization/policyAssignments","name":"5fc81fe96c7148a2a6677065"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"NSG - Rules exists test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/69541cb19f7448f9b016f351","type":"Microsoft.Authorization/policyAssignments","name":"69541cb19f7448f9b016f351"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"description":"asdasd","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/abb5adbb7b394308957c1a77","type":"Microsoft.Authorization/policyAssignments","name":"abb5adbb7b394308957c1a77"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"cosmosdb - new aliases test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/d6e82e15ff484a3bad53adbf","type":"Microsoft.Authorization/policyAssignments","name":"d6e82e15ff484a3bad53adbf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e68b39995d0e4bb8807f71ae","type":"Microsoft.Authorization/policyAssignments","name":"e68b39995d0e4bb8807f71ae"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e9cfe872284b49aeba2f45b7","type":"Microsoft.Authorization/policyAssignments","name":"e9cfe872284b49aeba2f45b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - DeployInNotExistsRunnersWithoutIdentity","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/elpereDeployInNotExistsRunnersWithoutIdentity","type":"Microsoft.Authorization/policyAssignments","name":"elpereDeployInNotExistsRunnersWithoutIdentity"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"allowedOS","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3","notScopes":[],"parameters":{"listOfAllowedWindows":{"value":["2016-Datacenter"]},"listOfAllowedUbuntus":{"value":["16.04 - Lts"]}},"description":"a","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3/providers/Microsoft.Authorization/policyAssignments/ce50243878b84aee93c86e73","type":"Microsoft.Authorization/policyAssignments","name":"ce50243878b84aee93c86e73"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value test","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"2018-07-25T00:53:12Z"},"tagValue":{"value":"2018-07-25T00:53:12.3067173Z - "}},"metadata":{"assignedBy":"Narine Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/400aff512a774d8782cbfb08","type":"Microsoft.Authorization/policyAssignments","name":"400aff512a774d8782cbfb08"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - 2 defaultValue: all parameters","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"tags":{"value":["London","New - York"]},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/46b2dd438ab547eaa10e2bc3","type":"Microsoft.Authorization/policyAssignments","name":"46b2dd438ab547eaa10e2bc3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - Enforce tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"name"},"tagValue":{"value":"value"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/77fec4647f8442e3b7ce96db","type":"Microsoft.Authorization/policyAssignments","name":"77fec4647f8442e3b7ce96db"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - defaultValue: all parameters with overwrites","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus","eastus2","centralus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/78a2dfec07014d659619515d","type":"Microsoft.Authorization/policyAssignments","name":"78a2dfec07014d659619515d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"er"},"tagValue":{"value":"wete"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/beb85152cea0475ba4942c26","type":"Microsoft.Authorization/policyAssignments","name":"beb85152cea0475ba4942c26"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"adding - this to help custmomer for incident 86230190","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/2b3657d96b224ee3a708d815","type":"Microsoft.Authorization/policyAssignments","name":"2b3657d96b224ee3a708d815"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"audits - if a resource doesn''t have a lock","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/4c15b85c96404165be04889e","type":"Microsoft.Authorization/policyAssignments","name":"4c15b85c96404165be04889e"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"reproing - incident 86230190","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/d2101b18c58142acafa06f07","type":"Microsoft.Authorization/policyAssignments","name":"d2101b18c58142acafa06f07"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"t2"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/1227b506064144338d0fd256","type":"Microsoft.Authorization/policyAssignments","name":"1227b506064144338d0fd256"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipsh3"},"alertDescription":{"value":"This - is test 3 policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"This - is a test assignment created using \"testSandipsh metric alert policy3\" policy - definition.","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/123a95223c214e4eaf7b88d9","type":"Microsoft.Authorization/policyAssignments","name":"123a95223c214e4eaf7b88d9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"detect - ''allow All'' NSG rule","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Liz - Kim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/4710061986c740bb92427daf","type":"Microsoft.Authorization/policyAssignments","name":"4710061986c740bb92427daf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/57f3f848f38346ea8614463f","type":"Microsoft.Authorization/policyAssignments","name":"57f3f848f38346ea8614463f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit - existence of a tag2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"env"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/8b3c4695be824259a66370e1","type":"Microsoft.Authorization/policyAssignments","name":"8b3c4695be824259a66370e1"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"[Preview]: - Apply Diagnostic Settings for Network Security Groups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"storagePrefix":{"value":"testSandipsh"},"rgName":{"value":"testSandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{"rgName":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/b72ec05b04624c87b35e5d97","type":"Microsoft.Authorization/policyAssignments","name":"b72ec05b04624c87b35e5d97"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly_testSandipshRG","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/bc650b603c02494bb890837e","type":"Microsoft.Authorization/policyAssignments","name":"bc650b603c02494bb890837e"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy Assignment1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipshPrefix"},"alertDescription":{"value":"this - is dummy alert"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/e2737c4f650a4c569ad6df20","type":"Microsoft.Authorization/policyAssignments","name":"e2737c4f650a4c569ad6df20"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"tag1"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/f45d12be72f4471f84f6b47f","type":"Microsoft.Authorization/policyAssignments","name":"f45d12be72f4471f84f6b47f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testSandipsh.Assignment.draft","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts"},"alertNamePrefix":{"value":"testSandipsh.draft"},"alertDescription":{"value":"This - is test draft policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"test - assignment","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/testSandipsh.Assignment.draft","type":"Microsoft.Authorization/policyAssignments","name":"testSandipsh.Assignment.draft"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"joelpo-Audit - VMs that do not use managed disks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup","notScopes":[],"parameters":{},"description":"test_rg_assignment","metadata":{"assignedBy":"Joel - Pothering","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup/providers/Microsoft.Authorization/policyAssignments/7df9280324ba4f41a41ce08a","type":"Microsoft.Authorization/policyAssignments","name":"7df9280324ba4f41a41ce08a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test - storage alias","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr/providers/Microsoft.Authorization/policyAssignments/a164f0ceb98d474685ecf9ab","type":"Microsoft.Authorization/policyAssignments","name":"a164f0ceb98d474685ecf9ab"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - allowed set","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"LISTOFALLOWEDSKUS_1":{"value":["Basic_A0"]},"LISTOFRESOURCETYPESNOTALLOWED_1":{"value":["Microsoft.Network/networkSecurityGroups","Aspera.Transfers/listCommunicationPreference"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"LISTOFALLOWEDSKUS_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","LISTOFRESOURCETYPESNOTALLOWED_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/8828df941b124d42841bfe69","type":"Microsoft.Authorization/policyAssignments","name":"8828df941b124d42841bfe69"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"jilimpolicytest2 - Allowed locations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"listOfAllowedLocations":{"value":["japanwest","japaneast"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfAllowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/e9860612d8ec4a469f59af06","type":"Microsoft.Authorization/policyAssignments","name":"e9860612d8ec4a469f59af06"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"second - attempt to repro the incident ","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/3f1e5705173546d59712ba1f","type":"Microsoft.Authorization/policyAssignments","name":"3f1e5705173546d59712ba1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/49f23c95c52242f5b9762c0d","type":"Microsoft.Authorization/policyAssignments","name":"49f23c95c52242f5b9762c0d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86226837","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/631306c13e2f42b3abc414b7","type":"Microsoft.Authorization/policyAssignments","name":"631306c13e2f42b3abc414b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86318519","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86318519","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e1e4cc3cbdfb435b9268cd4b","type":"Microsoft.Authorization/policyAssignments","name":"e1e4cc3cbdfb435b9268cd4b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"3rd","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e992cf28e75942d3a66e894d","type":"Microsoft.Authorization/policyAssignments","name":"e992cf28e75942d3a66e894d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-85944710-combined","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710","notScopes":[],"parameters":{"locationNames":{"value":["westus","westus2","West - US"]}},"description":"combined policy.","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710/providers/Microsoft.Authorization/policyAssignments/e67bd210931a420a87f41ad5","type":"Microsoft.Authorization/policyAssignments","name":"e67bd210931a420a87f41ad5"}]}'} + body: {string: '{"value":[]}'} headers: cache-control: [no-cache] - content-length: ['57104'] + content-length: ['12'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:32 GMT'] + date: ['Tue, 27 Nov 2018 04:15:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2041,27 +1466,28 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed + locations","description":"The list of locations that can be specified when + deploying resources","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['710'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:33 GMT'] + date: ['Tue, 27 Nov 2018 04:15:17 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] transfer-encoding: [chunked] vary: ['Accept-Encoding,Accept-Encoding'] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-subscription-deletes: ['14998'] + x-ms-ratelimit-remaining-subscription-deletes: ['14999'] status: {code: 200, message: OK} - request: body: null @@ -2071,8 +1497,8 @@ interactions: CommandName: [policy definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 @@ -2084,7 +1510,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -2098,7 +1526,7 @@ interactions: days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit + Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -2107,7 +1535,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -2124,21 +1554,36 @@ interactions: that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + Deploy VM extension to audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"Include + this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft + Azure Managed Service Identity, and required content to audit applications + inside Windows VMs must be present.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"WhitelistedApplication","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[Parameters(''installedApplication'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), + ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Audit transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Audit use of classic virtual machines","policyType":"BuiltIn","mode":"All","description":"Use @@ -2175,7 +1620,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]: Audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This @@ -2216,13 +1661,17 @@ interactions: is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -2244,7 +1693,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + it.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"Audit enablement of encryption of Automation account variables","policyType":"BuiltIn","mode":"All","description":"It @@ -2260,7 +1709,31 @@ interactions: Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Deploy + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"},{"properties":{"displayName":"Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log @@ -2308,7 +1781,9 @@ interactions: parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"[Preview]: Audit maximum number of owners for a subscription","policyType":"BuiltIn","mode":"All","description":"It @@ -2322,13 +1797,39 @@ interactions: Audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"[Preview]: + Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"[Preview]: Audit external accounts with write permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Allow + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Preview]: + Audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"This + policy will audit instances of applications running inside Windows virtual + machines, to verify that the application exists.","metadata":{"category":"Guest + Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow resource creation only in India data centers","policyType":"BuiltIn","description":"Allows resource creation in the following locations only: West India, South India, Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"[Preview]: Audit external accounts with read permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -2366,7 +1867,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + password can be reused.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","description":"This policy enables @@ -2382,7 +1883,16 @@ interactions: vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"Audit + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list + defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -2395,7 +1905,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit @@ -2409,7 +1919,7 @@ interactions: retention (days)","description":"The required diagnostic logs retention in days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"},{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), + transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"},{"properties":{"displayName":"[Preview]: Monitor missing system updates in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Missing security system updates on your servers will be monitored by Azure Security @@ -2426,7 +1936,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor @@ -2518,7 +2028,7 @@ interactions: Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"Audit enabling of diagnostic logs for Search service","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -2577,6 +2087,13 @@ interactions: which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]: + Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security @@ -2605,7 +2122,7 @@ interactions: Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + with empty passwords is disabled.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions","policyType":"BuiltIn","mode":"Indexed","description":"Include @@ -2614,7 +2131,7 @@ interactions: the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports @@ -2668,405 +2185,70 @@ interactions: Monitor SQL vulnerability assessment results in Azure Security Center","policyType":"BuiltIn","mode":"Indexed","description":"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"storage_httpsTrafficOnly","policyType":"Custom","mode":"All","metadata":{"category":"Demo"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","type":"Microsoft.Authorization/policyDefinitions","name":"023217dd-81bb-461f-93ea-8799caac50c7"},{"properties":{"displayName":"test_allowedlocation","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/05bf225f-806e-496d-802c-9d6bc548b0bc","type":"Microsoft.Authorization/policyDefinitions","name":"05bf225f-806e-496d-802c-9d6bc548b0bc"},{"properties":{"displayName":"akif - incident - 85944710","policyType":"Custom","mode":"All","description":"reproing - incident 85944710\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\n","metadata":{"category":"akhe"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af12870bd"},{"properties":{"displayName":"akhe-incident-86226837-v2","policyType":"Custom","mode":"All","description":"second - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af1287abe"},{"properties":{"displayName":"testSandipsh - metric alert policy","policyType":"Custom","mode":"All","description":"test","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"123c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"jilim-incident-86226837-fix","policyType":"Custom","mode":"all","description":"1 - - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallRules"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","type":"Microsoft.Authorization/policyDefinitions","name":"15358dd8-671e-4c96-be33-2b668791418f"},{"properties":{"displayName":"Attempt - service bus","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Insights/logProfiles"},{"anyOf":[{"field":"Microsoft.Insights/logProfiles/serviceBusRuleId","exists":"false"}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","type":"Microsoft.Authorization/policyDefinitions","name":"163c640e-681c-445f-92ba-cd434bd8c11c"},{"properties":{"displayName":"jilim - exists2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.zyx","exists":"false"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc","type":"Microsoft.Authorization/policyDefinitions","name":"17d43473-870f-4bc8-93c6-3961fa1d91cc"},{"properties":{"displayName":"inherit - all tags","policyType":"Custom","mode":"All","metadata":{"category":"tags"},"parameters":{},"policyRule":{"if":{"field":"tags","exists":"false"},"then":{"effect":"append","details":[{"field":"tags","value":"[resourceGroup().tags]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","type":"Microsoft.Authorization/policyDefinitions","name":"1e3c9312-c011-40a3-ac40-3bf3ddc24120"},{"properties":{"displayName":"Allowed - resource group locations","policyType":"Custom","mode":"All","description":"Allowed - resource group locations","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4","type":"Microsoft.Authorization/policyDefinitions","name":"1f20036f-28c3-48f3-9266-05d50fe391f4"},{"properties":{"displayName":"docdb_aliases_test","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","type":"Microsoft.Authorization/policyDefinitions","name":"1f5360b7-fe59-43f7-8af5-825df420d09c"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs","policyType":"Custom","mode":"All","description":"Ovewrites - security rules with IP restrictions at the securityRule level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23"}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","equals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","equals":""}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullRuleName":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"priority":{"type":"int"}},"resources":[{"name":"[parameters(''fullRuleName'')]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-02-01","properties":{"protocol":"*","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","sourcePortRange":"*","destinationPortRange":"[last(parameters(''destinationPortRanges''))]","access":"Allow","direction":"Inbound","priority":"[parameters(''priority'')]"}}]},"parameters":{"fullRuleName":{"value":"[field(''fullName'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"priority":{"value":"[field(''Microsoft.Network/networksecurityGroups/securityRules/priority'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","type":"Microsoft.Authorization/policyDefinitions","name":"20c4afd0-8a77-4433-b8b0-4ad06e4c7111"},{"properties":{"displayName":"Deploy - NSGs on Subnets","policyType":"Custom","mode":"All","description":"Enforce - that all subnets have a Network Security Group. If a subnet does not have - one an NSG with the default Internet Exposed Endpoint restrictions will be - created and associated with it.","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string to apply to all automatically - created network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges must not overlap."}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"false"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","equals":""}]}]},{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","exists":"false"},{"not":{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","notEquals":"null"}}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullResourceName":{"type":"string"},"resourceName":{"type":"string"},"location":{"type":"string"},"nsgPrefix":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"}},"variables":{"nsgName":"[concat(parameters(''nsgPrefix''), - ''-'', parameters(''location''))]","vnetName":"[split(parameters(''fullResourceName''), - ''/'')[0]]","vnetResourceId":"[resourceId(''Microsoft.Network/virtualNetworks'', - variables(''vnetName''))]","getVnetDeploymentName":"[concat(''getVnet-'', - variables(''vnetName''))]","collectSubnetsDeploymentName":"[concat(''collectSubnets-'', - variables(''vnetName''))]","overwriteVnetDeploymentName":"[concat(''overwriteVnet-'', - variables(''vnetName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getVnetDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"vnetProperties":{"type":"object","value":"[reference(variables(''vnetResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"name":"[variables(''nsgName'')]","type":"Microsoft.Network/networkSecurityGroups","apiVersion":"2018-03-01","location":"[parameters(''location'')]","properties":{"securityRules":[{"name":"PortLockdown_ControlledPorts_Restrict","properties":{"description":"Allow - controlled port connections from specific IP ranges (either corpnet or SAW)","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","access":"Allow","priority":3997,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_AllowVnet","properties":{"description":"Allow - controlled port connections from within the VNET","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"VirtualNetwork","destinationAddressPrefix":"*","access":"Allow","priority":3998,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_Deny","properties":{"description":"Deny - any controlled port connections that aren''t explicitly allowed in higher - priority rules","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":3999,"direction":"Inbound"}},{"name":"PortLockdown_AllowAll","properties":{"description":"Allow - all inbound traffic that isn''t explicitly blocked by Port Lockdown restrictions","protocol":"*","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":4000,"direction":"Inbound"}}]}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectSubnetsDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"nsgResourceId":{"value":"[resourceid(''Microsoft.Network/networkSecurityGroups'', - variables(''nsgName''))]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}},{"dependsOn":["[variables(''nsgName'')]"],"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteVnetDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"location":{"value":"[parameters(''location'')]"},"updatedSubnets":{"value":"[reference(variables(''collectSubnetsDeploymentName'')).outputs.updatedSubnets.value]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}}]},"parameters":{"fullResourceName":{"value":"[field(''fullName'')]"},"resourceName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"nsgPrefix":{"value":"[parameters(''nsgPrefix'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288","type":"Microsoft.Authorization/policyDefinitions","name":"210ed8bd-6b07-4d5e-a62c-c34f07293288"},{"properties":{"displayName":"Audit - existence of a tag2","policyType":"Custom","mode":"All","description":"Audits - that a required tag is present on resources","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":null}}},"policyRule":{"if":{"field":"tags","notcontainsKey":"[parameters(''tagName'')]"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","type":"Microsoft.Authorization/policyDefinitions","name":"24813039-7534-408a-9842-eb99f45721b1"},{"properties":{"displayName":"camarvin - oms vm linux parameterized effect","policyType":"Custom","mode":"all","metadata":{},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list","strongType":"omsWorkspace"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Select - Log Analytics workspace from dropdown list","strongType":"omsWorkspace"},"allowedValues":["deployIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), - ''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), - ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","type":"Microsoft.Authorization/policyDefinitions","name":"263f13f4-6b88-4788-bead-34beedde70ce"},{"properties":{"displayName":"akhe-incident-85944710-v2","policyType":"Custom","mode":"all","description":"2nd - attempt on this policy. ","metadata":{"category":"akhe"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","notIn":"[parameters(''allowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd60841400"},{"properties":{"displayName":"akhe-incident-85944710-combined","policyType":"Custom","mode":"all","description":"the - combined policy attempt for both cosmos db cases. ","metadata":{},"parameters":{"locationNames":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","In":"[parameters(''locationNames'')]"}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd6084180f"},{"properties":{"displayName":"storage - ip rules append 2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.ipRules","value":[{"value":"8.8.8.8","action":"Allow"}]}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","type":"Microsoft.Authorization/policyDefinitions","name":"2b2317a7-ab02-47b5-8159-eb7e6227709f"},{"properties":{"displayName":"[demo] - Enforce KeyVault diagnostic log storage","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"[tolower(concat(''cheggkv'', - parameters(''location'')))]"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''cheggremdemo'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d","type":"Microsoft.Authorization/policyDefinitions","name":"332ce4ac-9200-4573-8c66-92b85fc82c8d"},{"properties":{"displayName":"audit_cosmosdb_enableAutomaticFailover","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover","equals":"false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0a0"},{"properties":{"displayName":"audit_cosmosdb_defaultConsistencyLevel","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0b7"},{"properties":{"displayName":"audit_cosmosdb_readLocations","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0bd"},{"properties":{"displayName":"audit_cosmosdb_writeLocations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0ce"},{"properties":{"displayName":"audit_cosmosdb_failoverPolicies","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd160"},{"properties":{"displayName":"jilim - recovery services vaults test","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"vault":{"type":"String","metadata":{"displayName":"Recovery - Services Vault","description":"The Recovery Services Vault.","strongType":"Microsoft.RecoveryServices/vaults"}},"vaults":{"type":"Array","metadata":{"displayName":"Recovery - Services Vaults","description":"The list of Recovery Services Vaults.","strongType":"Microsoft.RecoveryServices/vaults"}}},"policyRule":{"if":{"allOf":[{"field":"location","equals":"[parameters(''vault'')]"},{"field":"location","in":"[parameters(''vaults'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb","type":"Microsoft.Authorization/policyDefinitions","name":"3b2c1b0f-63c5-4943-8578-6d37fbe411bb"},{"properties":{"displayName":"Name - should have prefix and suffix","policyType":"Custom","description":"Name should - have prefix and suffix","parameters":{"prefix":{"type":"String","metadata":{"displayName":"The - prefix","description":"The name prefix"},"allowedValues":[]},"suffix":{"type":"String","metadata":{"displayName":"The - suffix","description":"The name suffix."},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"name","like":"[concat(parameters(''prefix''), - ''*'', parameters(''suffix''))]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007","type":"Microsoft.Authorization/policyDefinitions","name":"3e275e2e-a157-4ade-8f91-43b3ea370007"},{"properties":{"displayName":"Restrict - VM skus","policyType":"Custom","mode":"All","description":"Restricts allowed - VM skus to a predefined regex","parameters":{"allowedSkuTemplate":{"type":"String","metadata":{"displayName":"Allowed - VM sku template","description":"The VM sku template. Supports wildcards via - ''*''"}}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/sku.name","like":"[parameters(''allowedSkuTemplate'')]"},{"field":"type","equals":"Microsoft.Compute/virtualMachines"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e34c8"},{"properties":{"displayName":"Audit - storage account SKU","policyType":"Custom","mode":"All","description":"Audits - the use of storage account SKUs that don''t meet organizational cost policy.","parameters":{"listOfAllowedSkus":{"type":"Array","metadata":{"displayName":"List - of allowed SKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSkus'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e3682"},{"properties":{"displayName":"RobgaDataFactoryTest1","policyType":"Custom","mode":"all","description":"RobgaDataFactoryTest","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataFactory/factories"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/workspaceId","equals":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","type":"Microsoft.Authorization/policyDefinitions","name":"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9"},{"properties":{"displayName":"Enforce - autoUpgrade on VM/VMSS extensions","policyType":"Custom","mode":"All","description":"Denies - any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to - true.","metadata":{},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","notEquals":"true"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","notEquals":"true"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f772"},{"properties":{"displayName":"Append - autoUpgrade to VM extensions","policyType":"Custom","mode":"All","description":"Automatically - enabled autoUpgradeMinorVersion on VM extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f783"},{"properties":{"displayName":"Append - autoUpgrade to VM scale set extensions","policyType":"Custom","mode":"All","description":"Automatically - appends autoUpgradeMinorVersion=true to VMSS extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f7a3"},{"properties":{"displayName":"MSIT - - AppService must use serverFarm","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyOf":[{"field":"Microsoft.Web/sites/serverFarmId","exists":"false"},{"field":"Microsoft.Web/sites/serverFarmId","equals":""}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc12"},{"properties":{"displayName":"MSIT - - AppService serverFarm must have capacity > 1","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/serverFarms"},{"field":"Microsoft.Web/serverFarms/sku.capacity","in":["0","1"]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc23"},{"properties":{"displayName":"rohitbh: - Definition to be deleted.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190","type":"Microsoft.Authorization/policyDefinitions","name":"48ba81c1-0012-4796-8166-c2efb4304190"},{"properties":{"displayName":"Do_Not_Delete","policyType":"Custom","mode":"All","description":"This - policy is used for unit tests. Please do not delete it.","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","type":"Microsoft.Authorization/policyDefinitions","name":"4a0425e4-97bf-4ad0-ab36-145b94083c60"},{"properties":{"displayName":"ICM - 83686598","policyType":"Custom","mode":"All","description":"deny the creation - of storage if supportsHttpsTrafficOnly is false","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","type":"Microsoft.Authorization/policyDefinitions","name":"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175"},{"properties":{"displayName":"detect - ''allow All'' NSG rule","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","type":"Microsoft.Authorization/policyDefinitions","name":"4c915617-16f0-4c62-b021-e66d5409d11d"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers without role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"rohitbh"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332195"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers with role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"Test"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332199"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks without role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks with role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit","details":{"type":"Microsoft.Sql/servers/auditingSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3"},{"properties":{"displayName":"Ensure - auto-created NSG rules exist","policyType":"Custom","mode":"All","description":"Ensures - that security rules created in auto-created PortLockdown NSGs are not tampered - with","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string applied to automatically created - network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"Expected - IP restriction prefixes","description":"The IP ranges incoming traffic will - be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 - or *"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Expected - destination port ranges","description":"Destination port ranges requiring - IP restrictions in the expected security rule"}},"priority":{"type":"String","metadata":{"displayName":"Expected - priority","description":"The priority of the expected security rule."}},"access":{"type":"String","metadata":{"displayName":"Expected - access","description":"The access (allow/deny) of the expected security rule."},"allowedValues":["Allow","Deny"]},"name":{"type":"String","metadata":{"displayName":"Expected - name","description":"The name of the expected security rule."}}},"policyRule":{"if":{"allOf":[{"field":"name","equals":"[concat(parameters(''nsgPrefix''), - ''-'', field(''location''))]"},{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","equals":"[parameters(''priority'')]"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","in":"[parameters(''sourceAddressPrefixes'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":"[parameters(''sourceAddressPrefixes'')]"}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","in":"[parameters(''destinationPortRanges'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"[parameters(''access'')]"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"name":{"type":"string"},"priority":{"type":"string"},"access":{"type":"string"},"nsgName":{"type":"string"}},"variables":{"isSinglePrefix":"[equals(count(parameters(''sourceAddressPrefixes'')), - 1)]","isSinglePortRange":"[equals(count(parameters(''destinationPortRanges'')), - 1)]"},"resources":[{"name":"[concat(parameters(''nsgName''), ''/'', parameters(''name''))]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-03-01","properties":{"description":"Rule - auto-created by Internet Exposed Endpoints protection","protocol":"*","sourcePortRange":"*","destinationPortRange":"[if(variables(''isSinglePortRange''), - first(parameters(''destinationPortRanges'')), '''')]","destinationPortRanges":"[if(not(variables(''isSinglePortRange'')), - parameters(''destinationPortRanges''), json(''[]''))]","sourceAddressPrefix":"[if(variables(''isSinglePrefix''), - first(parameters(''sourceAddressPrefixes'')), '''')]","sourceAddressPrefixes":"[if(not(variables(''isSinglePrefix'')), - parameters(''sourceAddressPrefixes''), json(''[]''))]","destinationAddressPrefix":"*","access":"[parameters(''access'')]","priority":"[int(parameters(''priority''))]","direction":"Inbound"}}]},"parameters":{"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"name":{"value":"[parameters(''name'')]"},"priority":{"value":"[parameters(''priority'')]"},"access":{"value":"[parameters(''access'')]"},"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","type":"Microsoft.Authorization/policyDefinitions","name":"4f283ec4-25a9-46df-bbf2-806ed5a3e115"},{"properties":{"displayName":"rohitbh: - Deploy key vault KV_B if key vault KV_A does not exist.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6","type":"Microsoft.Authorization/policyDefinitions","name":"50e2972e-143c-4edf-9ef6-bee0f84212d6"},{"properties":{"displayName":"GokmenhAuditLocation","policyType":"Custom","mode":"all","description":"Audit - if not west us","metadata":{},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastus"]}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6","type":"Microsoft.Authorization/policyDefinitions","name":"5948d091-78b7-4d3b-a404-cc6a0329b0c6"},{"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Cache/Redis"},{"field":"Microsoft.Cache/Redis/sku.family","equals":"C"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"Whatever*"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"skuFamily":{"type":"string"},"enableNonSslPort":{"type":"string"},"nameField":{"type":"string"}},"resources":[],"outputs":{"skuFamilyOut":{"value":"[parameters(''skuFamily'')]","type":"string"},"enableNonSslPortOut":{"value":"[parameters(''enableNonSslPort'')]","type":"string"},"nameFieldOut":{"value":"[parameters(''nameField'')]","type":"string"}}},"parameters":{"skuFamily":{"value":"[field(''Microsoft.Cache/Redis/sku.family'')]"},"enableNonSslPort":{"value":"[field(''Microsoft.Cache/Redis/enableNonSslPort'')]"},"nameField":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8"},{"properties":{"displayName":"akhe-incident-86226837","policyType":"Custom","mode":"All","description":"reproing - the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","exists":"false"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","exists":" - false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca376"},{"properties":{"displayName":"akhe-incident-86318519","policyType":"Custom","mode":"all","description":"reproing - incident 86318519","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallrules"},{"field":"name","equals":"AllowAllWindowsAzureIps"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca600"},{"properties":{"displayName":"akhe-incident-86230190","policyType":"Custom","mode":"All","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","exists":"true"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","notIn":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca8d6"},{"properties":{"displayName":"Test - storage alias","policyType":"Custom","mode":"all","description":"Test storage - alias","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"httpsOnly":{"type":"string"},"encrypt":{"type":"string"},"accessTier":{"type":"string"},"skuName":{"type":"string"}},"resources":[],"outputs":{"skuNameOut":{"type":"string","value":"[parameters(''skuName'')]"},"accessTierOut":{"type":"string","value":"[parameters(''accessTier'')]"},"httpsOnlyOut":{"type":"String","value":"[parameters(''httpsOnly'')]"},"encryptOut":{"type":"String","value":"[parameters(''encrypt'')]"}}},"parameters":{"httpsOnly":{"value":"[field(''Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly'')]"},"encrypt":{"value":"[field(''Microsoft.Storage/storageAccounts/enableBlobEncryption'')]"},"accessTier":{"value":"[field(''Microsoft.Storage/storageAccounts/accessTier'')]"},"skuName":{"value":"[field(''Microsoft.Storage/storageAccounts/sku.name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","type":"Microsoft.Authorization/policyDefinitions","name":"5fa69139-9a49-464e-90b5-0d243a469138"},{"properties":{"displayName":"testSandipsh - metric alert policy1","policyType":"Custom","mode":"All","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":null}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"],"defaultValue":"3"},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"],"defaultValue":"true"},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"Metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - metric operator."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"The - timeAggregation."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"The window size."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"The evaluation frequency."}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - action group id."}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","like":"[concat(parameters(''alertNamePrefix''), - ''*'')]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(toLower(parameters(''alertNamePrefix'')), - uniqueString(resourceGroup().id))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"6f2c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"testImageId","policyType":"Custom","mode":"All","metadata":{"category":"css"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"field":"Microsoft.Compute/imageId","contains":"resourceGroups/testSandipsh"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","type":"Microsoft.Authorization/policyDefinitions","name":"70dc1e8d-61c9-4089-8bf5-895b227c1298"},{"properties":{"displayName":"Policy - tracked resources SDK tests","policyType":"Custom","mode":"all","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"field":"name","equals":"policyTrackedResources-sdk-tests"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"field":"name","notIn":["policyTrackedResources-sdk-tests-rule1","policyTrackedResources-sdk-tests-rule2"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule1'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2000,"direction":"Outbound"}},{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule2'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2001,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2","type":"Microsoft.Authorization/policyDefinitions","name":"71289c53-22e7-4f31-a6dd-780b532380c2"},{"properties":{"displayName":"Deny - if blob is not encrypted","policyType":"Custom","mode":"All","parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a","type":"Microsoft.Authorization/policyDefinitions","name":"74d5cf40-7293-46a4-a285-7ea971e3719a"},{"properties":{"displayName":"[cstack] - Location restriction","policyType":"Custom","mode":"All","description":"Policy - to force allocations to a set of given locations","metadata":{"category":"cstack"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335","type":"Microsoft.Authorization/policyDefinitions","name":"763dcd1d-a4a9-46a8-8bd3-357c4533a335"},{"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyType":"Custom","mode":"All","description":"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"location","notEquals":"eastus"},{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs/transformations"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","type":"Microsoft.Authorization/policyDefinitions","name":"77429b44-aac1-4417-a53e-6900c07e11ac"},{"properties":{"displayName":"akhe-incident-86230190-v2","policyType":"Custom","mode":"all","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock v2","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","type":"Microsoft.Authorization/policyDefinitions","name":"83daa8ee-7c9a-470c-81a8-5a99ac09d134"},{"properties":{"displayName":"Parameterized - effect (if location != eastus)","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The - policy effect."}}},"policyRule":{"if":{"not":{"field":"location","equals":"eastus"}},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","type":"Microsoft.Authorization/policyDefinitions","name":"885f1dcb-a9c5-4c8c-8996-2702db44a2d2"},{"properties":{"displayName":"jilim - exists","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.xyz","exists":false}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc","type":"Microsoft.Authorization/policyDefinitions","name":"8959fd87-c1dd-4831-9034-a4f876bee1cc"},{"properties":{"displayName":"audit_cosmosdb_ipRangeFilter","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c","type":"Microsoft.Authorization/policyDefinitions","name":"9012b1cd-b045-46c6-a510-6137e06a009c"},{"properties":{"displayName":"chegg: - Remediation powershell test policy","policyType":"Custom","mode":"indexed","description":"This - policy is used in policyinsights powershell testing","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[],"outputs":{"location":{"type":"string","value":"[parameters(''location'')]"}}},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","type":"Microsoft.Authorization/policyDefinitions","name":"9934be7a-0e18-454d-a738-a1d9bcb0c202"},{"properties":{"displayName":"akhe - - Subscription Lvl test","policyType":"Custom","mode":"All","description":"Subscriptionlevel - auditIfNotExist policy","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/subscriptions/write"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de","type":"Microsoft.Authorization/policyDefinitions","name":"a1b067c8-2970-4c0b-b0da-31ae7f33d1de"},{"properties":{"displayName":"[cstack] - Noop","policyType":"Custom","mode":"All","description":"Don''t do anything","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","in":["yabba","dabba","doo"]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6","type":"Microsoft.Authorization/policyDefinitions","name":"a309ad64-0bae-48d9-a6b1-d99c0b4218b6"},{"properties":{"displayName":"HTTPS - For Web Apps","policyType":"Custom","mode":"all","description":"CSS","metadata":{"category":"WebApps"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyof":[{"not":{"field":"Microsoft.Web/sites/httpsOnly","exists":"true"}},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378","type":"Microsoft.Authorization/policyDefinitions","name":"a337c781-c7d8-4e12-ae69-1951c7e74378"},{"properties":{"displayName":"Ensure - https traffic only for storage account","policyType":"Custom","mode":"all","description":"Ensure - https traffic only for storage account","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"true"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4","type":"Microsoft.Authorization/policyDefinitions","name":"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4"},{"properties":{"displayName":"add - subscription name tag","policyType":"Custom","mode":"All","description":"add - subscription name tag","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionname","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionname","value":"[subscription().displayName]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d82a2"},{"properties":{"displayName":"Add - subscription \"id\" tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.id","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.id","value":"[subscription().id]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8339"},{"properties":{"displayName":"add - subscriptionId tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionId","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionId","value":"[subscription().subscriptionId]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8635"},{"properties":{"displayName":"Allowed - Location Indexed","policyType":"Custom","mode":"Indexed","description":"hackathon - policy","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","type":"Microsoft.Authorization/policyDefinitions","name":"Allowed-Locations-Indexed"},{"properties":{"displayName":"Audit - if antiMalware extension does not exist","policyType":"Custom","description":"This - policy audits if the anti malware extension .","policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists","type":"Microsoft.Authorization/policyDefinitions","name":"antiMalwareExtensionExists"},{"properties":{"displayName":"Web - socket must be disabled on App Services","policyType":"Custom","description":"Ensures - web sockets are disabled on App Services.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets","type":"Microsoft.Authorization/policyDefinitions","name":"AppServiceWebSockets"},{"properties":{"displayName":"Azure - Security Center must be enabled","policyType":"Custom","description":"Ensures - Azure Security Center is enabled.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled","type":"Microsoft.Authorization/policyDefinitions","name":"ASCEnabled"},{"properties":{"displayName":"Audit - a tag and it''s value","policyType":"Custom","description":"Audits if a tag - and it''s value doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and it''s value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and it''s value"},{"properties":{"displayName":"Audit a tag and it''s - value","policyType":"Custom","description":"Audits if a tag and it''s value - doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and its value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and its value"},{"properties":{"displayName":"Audit if extension does - not exist","policyType":"Custom","mode":"All","description":"This policy audits - if a required extension doesn''t exist.","parameters":{"publisher":{"type":"String","metadata":{"description":"The - publisher of the extension","displayName":"Extension Publisher"}},"type":{"type":"String","metadata":{"description":"The - type of the extension","displayName":"Extension Type"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"[parameters(''publisher'')]"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"[parameters(''type'')]"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension","type":"Microsoft.Authorization/policyDefinitions","name":"audit-vm-extension"},{"properties":{"displayName":"CanCrudPolicyAssignment - Policy Definition $[Auto Test]","policyType":"Custom","policyRule":{"if":{"source":"action","equals":"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487","type":"Microsoft.Authorization/policyDefinitions","name":"azsmnet6487"},{"properties":{"displayName":"makharchtest","policyType":"Custom","mode":"All","description":"policy","metadata":{"category":""},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f","type":"Microsoft.Authorization/policyDefinitions","name":"b36f6195-0fc5-4a41-bbce-875248400f5f"},{"properties":{"displayName":"NSG - Rules exists test","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol","notLike":"*"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","type":"Microsoft.Authorization/policyDefinitions","name":"bb6a78ae-8737-41e0-9c41-cc777c8c00a0"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","type":"Microsoft.Authorization/policyDefinitions","name":"c0f586f1-abe5-4801-8588-7332e49e60c9"},{"properties":{"displayName":"akhe - resource group auditIfNotExists","policyType":"Custom","mode":"All","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441","type":"Microsoft.Authorization/policyDefinitions","name":"c7b9982d-2f50-4730-935f-5c241982a441"},{"properties":{"displayName":"jilim - allowed resource types","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedTypes":{"type":"Array","metadata":{"displayName":"Allowed - resource types","description":"The list of allowed resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''allowedTypes'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba","type":"Microsoft.Authorization/policyDefinitions","name":"c872f951-1c5d-4c61-89dd-aee2350a11ba"},{"properties":{"displayName":"Audit - location","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","type":"Microsoft.Authorization/policyDefinitions","name":"c8b79b49-a579-4045-984e-1b249ab8b474"},{"properties":{"displayName":"camarvin - empty string","policyType":"Custom","mode":"all","description":"Ensure resource - names meet the like condition for a pattern.","metadata":{},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"namePattern","description":"Pattern - to use for names. Can include wildcard (*)."},"allowedValues":["","one","two"],"defaultValue":""}},"policyRule":{"if":{"not":{"field":"name","equals":"[parameters(''namePattern'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","type":"Microsoft.Authorization/policyDefinitions","name":"camarvin-test-empty-assign"},{"properties":{"displayName":"elpere - append ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"append","details":[{"field":"tags.test","value":"1"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640cf"},{"properties":{"displayName":"elpere - deny on ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"tags.test","equals":"1"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640d7"},{"properties":{"displayName":"Resource - name contains resource group name","policyType":"Custom","mode":"Indexed","description":"Require - resources to contain the resource group''s name","policyRule":{"if":{"field":"name","notContains":"[resourceGroup().name]"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name","type":"Microsoft.Authorization/policyDefinitions","name":"contain-resource-group-name"},{"properties":{"displayName":"akhe-incident-86226837-v3","policyType":"Custom","mode":"all","description":"third - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules"}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5002"},{"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyType":"Custom","mode":"all","description":"deploys - a delete lock for a resource ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/locks","roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["CanNotDelete"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{},"variables":{},"resources":[{"type":"Microsoft.Authorization/locks","apiVersion":"2015-01-01","name":"DeleteLock","properties":{"level":"CanNotDelete","notes":"prevent - deletion"}}],"outputs":{}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5632"},{"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"elperetest"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''elpere'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","type":"Microsoft.Authorization/policyDefinitions","name":"d0d9349d-843c-443a-9f27-5ce84f08c37e"},{"properties":{"displayName":"elpere - deny test","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","type":"Microsoft.Authorization/policyDefinitions","name":"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5"},{"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"hello"},"deployment":{"properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","resources":[],"parameters":{"testSecret":{"type":"string"}},"outputs":{"testSecretOutput":{"type":"string","value":"[parameters(''testSecret'')]"}}},"parameters":{"testSecret":{"reference":{"keyVault":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv"},"secretName":"test"}}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","type":"Microsoft.Authorization/policyDefinitions","name":"d35ce9be-f51b-4d3e-bc7f-dde2936381b0"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs (NSG level)","policyType":"Custom","mode":"All","description":"Overwrites - security rules with IP restrictions at the NSG level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges may overlap."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"anyOf":[{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange","notIn":"[parameters(''destinationPortRanges'')]"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notIn":["*","Internet"]}]}]}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"},"location":{"type":"string"},"destinationPortRanges":{"type":"array"},"sourceAddressPrefixes":{"type":"array"}},"variables":{"getNsgDeploymentName":"[concat(''getNSGContent-'', - parameters(''nsgName''))]","collectorDeploymentName":"[concat(''collectRules-'', - parameters(''nsgName''))]","overwriteNsgDeploymentName":"[concat(''overwriteNsg-'', - parameters(''nsgName''))]","nsgResourceId":"[resourceId(subscription().subscriptionId, - resourceGroup().name, ''Microsoft.Network/networkSecurityGroups'', parameters(''nsgName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getNsgDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"nsgProperties":{"type":"object","value":"[reference(variables(''nsgResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectorDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json","contentVersion":"1.0.0.0"},"parameters":{"nsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"},"portRangesToRestrict":{"value":"[parameters(''destinationPortRanges'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteNsgDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json","contentVersion":"1.0.0.0"},"parameters":{"originalNsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"updatedSecurityRules":{"value":"[reference(variables(''collectorDeploymentName'')).outputs.updatedSecurityRules.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"}}}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086","type":"Microsoft.Authorization/policyDefinitions","name":"d7b13c30-e6aa-47e1-b50a-8e33f152d086"},{"properties":{"displayName":"Audit - storage account SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"Audited - skus","description":"The list of skus.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e90ee"},{"properties":{"displayName":"Audit - virtual machines SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"List - Of Allowed SKUs","description":"The list of allowed locations for resources.","strongType":"vmSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e9170"},{"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"deployIfNotExistsTestsRule","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/deployIfNotExistsTestsRule'')]","properties":{"protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":2000,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","type":"Microsoft.Authorization/policyDefinitions","name":"dbfa9fc0-5202-4001-8759-1aa2387f825b"},{"properties":{"displayName":"allowedOS","policyType":"Custom","mode":"All","metadata":{"category":"test_sandipsh"},"parameters":{"listOfAllowedWindows":{"type":"Array","metadata":{"displayName":"Allowed - Windows VMs","description":"The list of allowed VMs for Windows."}},"listOfAllowedUbuntus":{"type":"Array","metadata":{"displayName":"Allowed - Ubuntu VMs","description":"The list of allowed VMs for Ubuntu."}}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/disks","Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["Canonical"]},{"field":"Microsoft.Compute/imageOffer","in":["UbuntuServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedUbuntus'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedWindows'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","type":"Microsoft.Authorization/policyDefinitions","name":"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091"},{"properties":{"displayName":"jilim - recovery services backup policies","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"policies":{"type":"Array","metadata":{"displayName":"Allowed - Recovery Services backup policies","description":"The list of allowed Recovery - Services backup policies.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"policy":{"type":"String","metadata":{"displayName":"Allowed - Recovery Services backup policy","description":"Allowed Recovery Services - backup policy.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}}},"policyRule":{"if":{"allOf":[{"not":{"field":"location","in":"[parameters(''policies'')]"}},{"not":{"field":"location","equals":"[parameters(''policy'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb","type":"Microsoft.Authorization/policyDefinitions","name":"e3f9a624-b17d-4dc8-9649-65814d3241bb"},{"properties":{"displayName":"defaultValue: - all parameters","policyType":"Custom","mode":"All","metadata":{"category":"defaultValue"},"parameters":{"locations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array)","description":"The list of locations for resources.","strongType":"location"},"defaultValue":["eastus","westus"]},"location":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string)","description":"The location for resources.","strongType":"location"},"defaultValue":"eastus"},"resourceGroups":{"type":"Array","metadata":{"displayName":"Strong - type (array)","description":"The list of resource groups.","strongType":"existingResourceGroups"},"defaultValue":["camarvin"]},"resourceGroup":{"type":"String","metadata":{"displayName":"Strong - type (string)","description":"The resource group.","strongType":"existingResourceGroups"},"defaultValue":"camarvin"},"tags":{"type":"Array","metadata":{"displayName":"Non - strong type (array)","description":"The list of tags."},"defaultValue":[]},"tag":{"type":"String","metadata":{"displayName":"Non - strong type (string)","description":"The tag."},"defaultValue":""},"allowedLocations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array, av)","description":"The list of allowed locations for - resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":["eastus"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string, av)","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":"eastus"},"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Strong - type (array, av)","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Strong - type (string, av)","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":"Standard_LRS"},"allowedTags":{"type":"Array","metadata":{"displayName":"Non - strong type (array, av)","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Non - strong type (string, av)","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":"FirstName"}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''locations'')]"},{"field":"location","equals":"[parameters(''location'')]"},{"field":"location","in":"[parameters(''resourceGroups'')]"},{"field":"location","equals":"[parameters(''resourceGroup'')]"},{"field":"location","in":"[parameters(''tags'')]"},{"field":"location","equals":"[parameters(''tag'')]"},{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","Equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","NotEquals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","type":"Microsoft.Authorization/policyDefinitions","name":"ea1688b3-022e-4add-af39-2fe60689a3b0"},{"properties":{"displayName":"Deny - \"Allow All\" NSG rules","policyType":"Custom","mode":"All","description":"Denies - the creation of sourceAddressPrefix=\"*\", destinationPortRange=\"*\" NSG - security rules","metadata":{"category":"Port Lockdown"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"field":"name","notEquals":"PortLockdown_AllowAll"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","notEquals":"4000"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321","type":"Microsoft.Authorization/policyDefinitions","name":"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","description":"This policy enables - you to audit your location.","parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''listOfAllowedLocations'')]"}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"LocationAuditDefinition"},{"properties":{"policyType":"Custom","parameters":{},"policyRule":{"if":{"field":"location","equals":"northeurope"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","type":"Microsoft.Authorization/policyDefinitions","name":"policy2"},{"properties":{"policyType":"Custom","mode":"All","description":"test - policy","parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","type":"Microsoft.Authorization/policyDefinitions","name":"testSandipsh.draft"},{"properties":{"displayName":"testtest","policyType":"Custom","description":"testtest","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testtest","type":"Microsoft.Authorization/policyDefinitions","name":"testtest"}]}'} + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"test_policy3ulbefgq5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy5rxcsbgyu","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy5rxcsbgyu"},{"properties":{"displayName":"test_policyvrud2j572","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy6rmvrx2ug","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy6rmvrx2ug"},{"properties":{"displayName":"test_policyeezgnn3tf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy72fpbk6om","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy72fpbk6om"},{"properties":{"displayName":"test_policylzld56g3c","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy75lhjp2qz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy75lhjp2qz"},{"properties":{"displayName":"test_policy4leaozaze","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyafjaspbln","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyafjaspbln"},{"properties":{"displayName":"test_policytz5xijuco","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyaip6dvuui","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyaip6dvuui"},{"properties":{"displayName":"test_policyk2ipvteje","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policycc24wg2ai","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policycc24wg2ai"},{"properties":{"displayName":"test_policynek2j6dvx","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyebyt2or2s","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyebyt2or2s"},{"properties":{"displayName":"test_policyo57mbgttt","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyf4gvztvgz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyf4gvztvgz"},{"properties":{"displayName":"test_policyry7ktdqpn","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyfneqctrjx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyfneqctrjx"},{"properties":{"displayName":"test_policypq5w4fcp5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhavmopeay","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhavmopeay"},{"properties":{"displayName":"test_policyzhxn622hb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhb6kmyq63","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhb6kmyq63"},{"properties":{"displayName":"test_policyzbi2xb6y7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyismcbfzwf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyismcbfzwf"},{"properties":{"displayName":"test_policyyulsilxiw","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjp2hqpyxg","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyjp2hqpyxg"},{"properties":{"displayName":"test_policym7v6bzkep","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyl5e3igsku","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyl5e3igsku"},{"properties":{"displayName":"test_policyr5ivz4uoy","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policylw4dif6k4","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policylw4dif6k4"},{"properties":{"displayName":"test_policyp2yhkolhg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymxx4vzibo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policymxx4vzibo"},{"properties":{"displayName":"test_policyt252aa3in","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyose3kehj3","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyose3kehj3"},{"properties":{"displayName":"test_policyg5g7wrd63","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyqcexugiyb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyqcexugiyb"},{"properties":{"displayName":"test_policy5u5ook2zf","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrs5zxfokx"},{"properties":{"displayName":"test_policyepxuvmnrs","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrtseayuym","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrtseayuym"},{"properties":{"displayName":"test_policyeglfwi2os","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrzih7n7ws","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrzih7n7ws"},{"properties":{"displayName":"test_policyeop2lxcb7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytaxuus2zo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytaxuus2zo"},{"properties":{"displayName":"test_policymichd2ukj","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytrkoh7vio","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytrkoh7vio"},{"properties":{"displayName":"test_policymhqqjyizg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyunv6j3gfp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyunv6j3gfp"},{"properties":{"displayName":"test_policyf2qzg3ba4","policyType":"Custom","description":"desc_for_test_policy_123_new","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv3qavzpbx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv3qavzpbx"},{"properties":{"displayName":"test_policy5koxubsg5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv53qgvql6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv53qgvql6"},{"properties":{"displayName":"test_policy7t2i6ysv7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyvpb2ircbl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyvpb2ircbl"},{"properties":{"displayName":"test_policyif4bjggk7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyyuuoin4oc","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyyuuoin4oc"}]}'} headers: cache-control: [no-cache] - content-length: ['299217'] + content-length: ['237106'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:41:44 GMT'] + date: ['Tue, 27 Nov 2018 04:15:28 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3083,9 +2265,10 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--name --yes --no-wait] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy000001?api-version=2018-05-01 @@ -3094,9 +2277,9 @@ interactions: headers: cache-control: [no-cache] content-length: ['0'] - date: ['Mon, 22 Oct 2018 19:41:45 GMT'] + date: ['Tue, 27 Nov 2018 04:15:30 GMT'] expires: ['-1'] - location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZWEFEQlZORFFLVDI1VTUzT1dRT05BN1VJN1lIQ3w5RjQ1REIwRTY2NjI3RTBCLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] + location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZV1kzNVBFVUJLRExHV0NDUVpZV1NBV1lJVUdFWHxBOEMxMDhBRERCOEYwODA0LVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] x-content-type-options: [nosniff] diff --git a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml index c07156019e5..0cffe829ea7 100644 --- a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml +++ b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policy_management_group.yaml @@ -1,7 +1,7 @@ interactions: - request: - body: '{"location": "westus", "tags": {"product": "azurecli", "cause": "automation", - "date": "2018-10-22T19:40:36Z"}}' + body: '{"tags": {"cause": "automation", "date": "2018-11-27T07:42:42Z", "product": + "azurecli"}, "location": "westus"}' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -9,33 +9,162 @@ interactions: Connection: [keep-alive] Content-Length: ['110'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--location --name --tag] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy_management_group000001?api-version=2018-05-01 response: - body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_management_group000001","name":"cli_test_policy_management_group000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-10-22T19:40:36Z"},"properties":{"provisioningState":"Succeeded"}}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policy_management_group000001","name":"cli_test_policy_management_group000001","location":"westus","tags":{"cause":"automation","date":"2018-11-27T07:42:42Z","product":"azurecli"},"properties":{"provisioningState":"Succeeded"}}'} headers: cache-control: [no-cache] content-length: ['384'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:37 GMT'] + date: ['Tue, 27 Nov 2018 07:42:44 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-subscription-writes: ['1198'] + x-ms-ratelimit-remaining-subscription-writes: ['1199'] status: {code: 201, message: Created} - request: - body: 'b''{"properties": {"mode": "Indexed", "displayName": "test_policy000003", - "description": "desc_for_test_policy_123", "policyRule": {"if": {"not": {"field": - "location", "in": "[parameters(\''allowedLocations\'')]"}}, "then": {"effect": - "deny"}}, "metadata": {"category": "test"}, "parameters": {"allowedLocations": - {"type": "array", "metadata": {"description": "The list of locations that can - be specified when deploying resources", "strongType": "location", "displayName": - "Allowed locations"}}}}}''' + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [account management-group create] + Connection: [keep-alive] + Content-Length: ['0'] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + accept-language: [en-US] + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management/register?api-version=2018-05-01 + response: + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} + headers: + cache-control: [no-cache] + content-length: ['1468'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:42:47 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: [Accept-Encoding] + x-content-type-options: [nosniff] + x-ms-ratelimit-remaining-subscription-writes: ['1199'] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [account management-group create] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management?api-version=2018-05-01 + response: + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} + headers: + cache-control: [no-cache] + content-length: ['1468'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:42:58 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + vary: [Accept-Encoding] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: 'b''{"name": "cli-test-mgmt-group000002", "properties": {"details": {"parent": + {}}}}''' + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + Cache-Control: [no-cache] + CommandName: [account management-group create] + Connection: [keep-alive] + Content-Length: ['85'] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + accept-language: [en-US] + method: PUT + uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview + response: + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"NotStarted"}'} + headers: + cache-control: [no-cache] + content-length: ['208'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:43:00 GMT'] + expires: ['-1'] + location: ['https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview'] + pragma: [no-cache] + request-id: [f3335230-2ec5-481f-bcf1-038ead35c1ae] + server: [Microsoft-IIS/8.5] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] + x-content-type-options: [nosniff] + x-ms-ratelimit-remaining-tenant-writes: ['1199'] + x-powered-by: [ASP.NET] + status: {code: 202, message: Accepted} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [account management-group create] + Connection: [keep-alive] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + method: GET + uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview + response: + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2018-11-27T07:43:03.7570869Z","updatedBy":"e7e158d3-7cdc-47cd-8825-5859d7ab2b55","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}'} + headers: + cache-control: [no-cache] + content-length: ['642'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:43:10 GMT'] + expires: ['-1'] + pragma: [no-cache] + request-id: [b716ca77-9837-4168-a41f-882e766bd3ce] + server: [Microsoft-IIS/8.5] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] + x-content-type-options: [nosniff] + x-powered-by: [ASP.NET] + status: {code: 200, message: OK} +- request: + body: 'b''{"properties": {"policyRule": {"if": {"not": {"field": "location", "in": + "[parameters(\''allowedLocations\'')]"}}, "then": {"effect": "deny"}}, "description": + "desc_for_test_policy_123", "mode": "Indexed", "metadata": {"category": "test"}, + "displayName": "test_policy000004", "parameters": {"allowedLocations": {"metadata": + {"strongType": "location", "description": "The list of locations that can be + specified when deploying resources", "displayName": "Allowed locations"}, "type": + "array"}}}}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -43,20 +172,22 @@ interactions: Connection: [keep-alive] Content-Length: ['493'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --rules --params --display-name --description --mode --metadata + --management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'} headers: cache-control: [no-cache] - content-length: ['726'] + content-length: ['746'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:38 GMT'] + date: ['Tue, 27 Nov 2018 07:43:12 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -71,20 +202,21 @@ interactions: CommandName: [policy definition update] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --description --display-name --metadata --management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000004","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123","metadata":{"category":"test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'} headers: cache-control: [no-cache] - content-length: ['726'] + content-length: ['746'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:39 GMT'] + date: ['Tue, 27 Nov 2018 07:43:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -93,13 +225,12 @@ interactions: x-content-type-options: [nosniff] status: {code: 200, message: OK} - request: - body: 'b''{"properties": {"displayName": "test_policy000003_new", "description": - "desc_for_test_policy_123_new", "policyRule": {"if": {"not": {"field": "location", - "in": "[parameters(\''allowedLocations\'')]"}}, "then": {"effect": "deny"}}, - "metadata": {"category": "test2"}, "parameters": {"allowedLocations": {"type": - "Array", "metadata": {"description": "The list of locations that can be specified - when deploying resources", "strongType": "location", "displayName": "Allowed - locations"}}}}}''' + body: 'b''{"properties": {"metadata": {"category": "test2"}, "description": "desc_for_test_policy_123_new", + "displayName": "test_policy000004_new", "parameters": {"allowedLocations": {"metadata": + {"strongType": "location", "description": "The list of locations that can be + specified when deploying resources", "displayName": "Allowed locations"}, "type": + "Array"}}, "policyRule": {"if": {"not": {"field": "location", "in": "[parameters(\''allowedLocations\'')]"}}, + "then": {"effect": "deny"}}}}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -107,20 +238,21 @@ interactions: Connection: [keep-alive] Content-Length: ['483'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --description --display-name --metadata --management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'} headers: cache-control: [no-cache] - content-length: ['718'] + content-length: ['738'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:39 GMT'] + date: ['Tue, 27 Nov 2018 07:43:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -135,11 +267,12 @@ interactions: CommandName: [policy definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 response: body: {string: '{"value":[{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -148,7 +281,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -162,7 +297,7 @@ interactions: days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit + Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -171,7 +306,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -188,21 +325,36 @@ interactions: that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + Deploy VM extension to audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"Include + this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft + Azure Managed Service Identity, and required content to audit applications + inside Windows VMs must be present.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"WhitelistedApplication","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[Parameters(''installedApplication'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), + ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Audit transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Audit use of classic virtual machines","policyType":"BuiltIn","mode":"All","description":"Use @@ -239,7 +391,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]: Audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This @@ -280,13 +432,17 @@ interactions: is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -308,7 +464,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + it.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"Audit enablement of encryption of Automation account variables","policyType":"BuiltIn","mode":"All","description":"It @@ -324,7 +480,31 @@ interactions: Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Deploy + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"},{"properties":{"displayName":"Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log @@ -372,7 +552,9 @@ interactions: parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"[Preview]: Audit maximum number of owners for a subscription","policyType":"BuiltIn","mode":"All","description":"It @@ -386,13 +568,39 @@ interactions: Audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"[Preview]: + Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"[Preview]: Audit external accounts with write permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Allow + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Preview]: + Audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"This + policy will audit instances of applications running inside Windows virtual + machines, to verify that the application exists.","metadata":{"category":"Guest + Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow resource creation only in India data centers","policyType":"BuiltIn","description":"Allows resource creation in the following locations only: West India, South India, Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"[Preview]: Audit external accounts with read permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -430,7 +638,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + password can be reused.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","description":"This policy enables @@ -446,7 +654,16 @@ interactions: vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"Audit + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list + defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -459,7 +676,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit @@ -473,7 +690,7 @@ interactions: retention (days)","description":"The required diagnostic logs retention in days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"},{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), + transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"},{"properties":{"displayName":"[Preview]: Monitor missing system updates in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Missing security system updates on your servers will be monitored by Azure Security @@ -490,7 +707,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor @@ -582,7 +799,7 @@ interactions: Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"Audit enabling of diagnostic logs for Search service","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -641,6 +858,13 @@ interactions: which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]: + Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security @@ -669,7 +893,7 @@ interactions: Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + with empty passwords is disabled.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions","policyType":"BuiltIn","mode":"Indexed","description":"Include @@ -678,7 +902,7 @@ interactions: the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports @@ -732,79 +956,14 @@ interactions: Monitor SQL vulnerability assessment results in Azure Security Center","policyType":"BuiltIn","mode":"Indexed","description":"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"},{"properties":{"displayName":"[cstack] - No-op policy","policyType":"Custom","mode":"All","description":"This policy - does nothing","metadata":{"category":"cstack"},"parameters":{},"policyRule":{"if":{"not":{"field":"name","like":"*"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/b485e1ef-eea6-4b69-8933-1ef6b08720a9","type":"Microsoft.Authorization/policyDefinitions","name":"b485e1ef-eea6-4b69-8933-1ef6b08720a9"},{"properties":{"policyType":"Custom","policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/test1","type":"Microsoft.Authorization/policyDefinitions","name":"test1"},{"properties":{"displayName":"jilim - mg no sub","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/51c286c0-25b6-4a16-b53b-208fd346d285","type":"Microsoft.Authorization/policyDefinitions","name":"51c286c0-25b6-4a16-b53b-208fd346d285"},{"properties":{"displayName":"sdfsfsdfsdfsdf","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce093e","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce093e"},{"properties":{"displayName":"Azure - KeyVault Allowed Locations","policyType":"Custom","mode":"All","description":"Azure - KeyVault Allowed Locations","metadata":{"category":"Key Vault"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce08d5"},{"properties":{"displayName":"rohitbh - sql server threat detection","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660","type":"Microsoft.Authorization/policyDefinitions","name":"99b560dc-8924-4ba4-8467-adf1fdf04660"},{"properties":{"displayName":"Audit - storage account SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"Audited - skus","description":"The list of skus.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203","type":"Microsoft.Authorization/policyDefinitions","name":"ced9d1e5-109c-4e0b-a447-afbf649db203"},{"properties":{"displayName":"Audit - virtual machines SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"List - Of Allowed SKUs","description":"The list of allowed locations for resources.","strongType":"vmSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a","type":"Microsoft.Authorization/policyDefinitions","name":"ced9d1e5-109c-4e0b-a447-afbf649db22a"},{"properties":{"displayName":"carolyn - location on mg test1","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/022d9357-5a90-46f7-9554-21d30ce4c32d","type":"Microsoft.Authorization/policyDefinitions","name":"022d9357-5a90-46f7-9554-21d30ce4c32d"},{"properties":{"displayName":"Paige - and Haishi say that Managed Disk is Required","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id","equals":""}]},{"field":"tags.environment","equals":"Prod"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/0cd998fe-ceeb-43ae-b6ca-be6b9b093845","type":"Microsoft.Authorization/policyDefinitions","name":"0cd998fe-ceeb-43ae-b6ca-be6b9b093845"},{"properties":{"displayName":"Audit - East US location","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"field":"location","in":"[parameters(''allowedLocations'')]"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/0f6988e2-f000-4793-b8ef-02ed2b8fa049","type":"Microsoft.Authorization/policyDefinitions","name":"0f6988e2-f000-4793-b8ef-02ed2b8fa049"},{"properties":{"displayName":"custom - allowed values","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Allowed - location","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"]},"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Allowed - storage SKUs","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Allowed - storage SKU","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedTags":{"type":"Array","metadata":{"displayName":"Allowed - tags","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Allowed - tag","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"]}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","equals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/15ffe5ee-6e86-4ee6-96ca-20990f8c7202","type":"Microsoft.Authorization/policyDefinitions","name":"15ffe5ee-6e86-4ee6-96ca-20990f8c7202"},{"properties":{"displayName":"rohitbh: - Definition to be deleted.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/1a4d4a82-b0a9-4860-b066-a990a2d0116d","type":"Microsoft.Authorization/policyDefinitions","name":"1a4d4a82-b0a9-4860-b066-a990a2d0116d"},{"properties":{"displayName":"[Audit] - Test policy in MG","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec","type":"Microsoft.Authorization/policyDefinitions","name":"20929e43-ae09-4aac-b8ce-05a42434a1ec"},{"properties":{"displayName":"Audit - storage sku","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Storage - SKUs","description":"The list of storage SKUs.","strongType":"storageSkus"}},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Storage - SKU","description":"The storage SKU.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''allowedStorageSKUs'')]"},{"field":"location","equals":"[parameters(''allowedStorageSKU'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a9af","type":"Microsoft.Authorization/policyDefinitions","name":"20929e43-ae09-4aac-b8ce-05a42434a9af"},{"properties":{"displayName":"Enforce - tag and its value on resource groups","policyType":"Custom","mode":"All","description":"Enforces - a required tag and its value on resource groups.","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"description":"Name - of the tag, such as costCenter","strongType":"tagName"}},"tagValue":{"type":"String","metadata":{"description":"Value - of the tag, such as headquarter","strongType":"tagValue"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"not":{"field":"[concat(''tags['',parameters(''tagName''), - '']'')]","equals":"[parameters(''tagValue'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/2730ec21-8461-41e9-b2ad-d218259d5027","type":"Microsoft.Authorization/policyDefinitions","name":"2730ec21-8461-41e9-b2ad-d218259d5027"},{"properties":{"displayName":"Audit - storage accounts open to all public network","policyType":"Custom","mode":"All","parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notequals":"Deny"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/39ffa2bb-a9d5-436d-9a79-db5dd635e0f5","type":"Microsoft.Authorization/policyDefinitions","name":"39ffa2bb-a9d5-436d-9a79-db5dd635e0f5"},{"properties":{"displayName":"VMs - with no Managed Disk","policyType":"Custom","mode":"all","description":"Deny - all VMs with no Managed Disk","metadata":{"category":"General"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id","notlike":"*"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/5361f680-fa96-49ef-9be2-a58d8d797571","type":"Microsoft.Authorization/policyDefinitions","name":"5361f680-fa96-49ef-9be2-a58d8d797571"},{"properties":{"displayName":"Audit - allowed resource groups","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed - resource groups","description":"The list of allowed resource groups.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"not":{"field":"Tags.resourceGroup","in":"[parameters(''allowedResourceGroups'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/72c0c41a-c752-4bc0-9c61-0d6adc567066","type":"Microsoft.Authorization/policyDefinitions","name":"72c0c41a-c752-4bc0-9c61-0d6adc567066"},{"properties":{"displayName":"OMS - workspace test","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"omsWorkspace":{"type":"String","metadata":{"displayName":"OMS - Workspace","description":"The list of OMS Workspaces.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"field":"location","equals":"[parameters(''omsWorkspace'')]"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9c1ba477-ff0c-41ea-8a5d-826c4ca18208","type":"Microsoft.Authorization/policyDefinitions","name":"9c1ba477-ff0c-41ea-8a5d-826c4ca18208"},{"properties":{"displayName":"test","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9e86943a-258f-4b19-9671-24ceaa5e306a","type":"Microsoft.Authorization/policyDefinitions","name":"9e86943a-258f-4b19-9671-24ceaa5e306a"},{"properties":{"displayName":"Carolyn - mg definition test1","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/a2c0414b-82e4-459d-97d5-94c79a89232c","type":"Microsoft.Authorization/policyDefinitions","name":"a2c0414b-82e4-459d-97d5-94c79a89232c"},{"properties":{"displayName":"Parameters - and allowed values","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"locations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array)","description":"The list of locations for resources.","strongType":"location"}},"location":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string)","description":"The location for resources.","strongType":"location"}},"resourceGroups":{"type":"Array","metadata":{"displayName":"Strong - type (array)","description":"The list of resource groups.","strongType":"existingResourceGroups"}},"resourceGroup":{"type":"String","metadata":{"displayName":"Strong - type (string)","description":"The resource group.","strongType":"existingResourceGroups"}},"tags":{"type":"Array","metadata":{"displayName":"Non - strong type (array)","description":"The list of tags."}},"tag":{"type":"String","metadata":{"displayName":"Non - strong type (string)","description":"The tag."}},"allowedLocations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array, av)","description":"The list of allowed locations for - resources.","strongType":"location"},"allowedValues":["eastus","westus","southus","eastus2","uksouth","japaneast","westcentralus","canadacentral","indiacentral"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string, av)","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus","eastus2","uksouth","japaneast","westcentralus","canadacentral","indiacentral"]},"allowedStorageSkus":{"type":"Array","metadata":{"displayName":"Strong - type (array, av)","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSku":{"type":"String","metadata":{"displayName":"Strong - type (string, av)","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedTags":{"type":"Array","metadata":{"displayName":"Non - strong type (array, av)","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Non - strong type (string, av)","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"]}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''locations'')]"},{"field":"location","equals":"[parameters(''location'')]"},{"field":"location","in":"[parameters(''resourceGroups'')]"},{"field":"location","equals":"[parameters(''resourceGroup'')]"},{"field":"location","in":"[parameters(''tags'')]"},{"field":"location","equals":"[parameters(''tag'')]"},{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","equals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/e6440295-d0ac-472b-949b-1cf289618198","type":"Microsoft.Authorization/policyDefinitions","name":"e6440295-d0ac-472b-949b-1cf289618198"}]}'} + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}]}'} headers: cache-control: [no-cache] - content-length: ['192788'] + content-length: ['217004'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:40 GMT'] + date: ['Tue, 27 Nov 2018 07:43:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -820,20 +979,21 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'} headers: cache-control: [no-cache] - content-length: ['718'] + content-length: ['738'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:40 GMT'] + date: ['Tue, 27 Nov 2018 07:43:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -850,20 +1010,21 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: DELETE - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000004_new","policyType":"Custom","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000003"}'} headers: cache-control: [no-cache] - content-length: ['718'] + content-length: ['738'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:42 GMT'] + date: ['Tue, 27 Nov 2018 07:43:15 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -880,11 +1041,12 @@ interactions: CommandName: [policy definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 response: body: {string: '{"value":[{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -893,7 +1055,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -907,7 +1071,7 @@ interactions: days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit + Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -916,7 +1080,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -933,21 +1099,36 @@ interactions: that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + Deploy VM extension to audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"Include + this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft + Azure Managed Service Identity, and required content to audit applications + inside Windows VMs must be present.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"WhitelistedApplication","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[Parameters(''installedApplication'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), + ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Audit transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Audit use of classic virtual machines","policyType":"BuiltIn","mode":"All","description":"Use @@ -984,7 +1165,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]: Audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This @@ -1025,13 +1206,17 @@ interactions: is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -1053,7 +1238,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + it.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"Audit enablement of encryption of Automation account variables","policyType":"BuiltIn","mode":"All","description":"It @@ -1069,7 +1254,31 @@ interactions: Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Deploy + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"},{"properties":{"displayName":"Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log @@ -1117,7 +1326,9 @@ interactions: parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"[Preview]: Audit maximum number of owners for a subscription","policyType":"BuiltIn","mode":"All","description":"It @@ -1131,13 +1342,39 @@ interactions: Audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"[Preview]: + Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"[Preview]: Audit external accounts with write permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Allow + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Preview]: + Audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"This + policy will audit instances of applications running inside Windows virtual + machines, to verify that the application exists.","metadata":{"category":"Guest + Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow resource creation only in India data centers","policyType":"BuiltIn","description":"Allows resource creation in the following locations only: West India, South India, Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"[Preview]: Audit external accounts with read permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -1175,7 +1412,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + password can be reused.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","description":"This policy enables @@ -1191,7 +1428,16 @@ interactions: vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"Audit + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list + defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -1204,7 +1450,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit @@ -1218,7 +1464,7 @@ interactions: retention (days)","description":"The required diagnostic logs retention in days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"},{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), + transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"},{"properties":{"displayName":"[Preview]: Monitor missing system updates in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Missing security system updates on your servers will be monitored by Azure Security @@ -1235,7 +1481,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor @@ -1327,7 +1573,7 @@ interactions: Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"Audit enabling of diagnostic logs for Search service","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -1386,6 +1632,13 @@ interactions: which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]: + Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security @@ -1414,7 +1667,7 @@ interactions: Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + with empty passwords is disabled.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions","policyType":"BuiltIn","mode":"Indexed","description":"Include @@ -1423,7 +1676,7 @@ interactions: the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports @@ -1477,83 +1730,145 @@ interactions: Monitor SQL vulnerability assessment results in Azure Security Center","policyType":"BuiltIn","mode":"Indexed","description":"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[cstack] - No-op policy","policyType":"Custom","mode":"All","description":"This policy - does nothing","metadata":{"category":"cstack"},"parameters":{},"policyRule":{"if":{"not":{"field":"name","like":"*"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/b485e1ef-eea6-4b69-8933-1ef6b08720a9","type":"Microsoft.Authorization/policyDefinitions","name":"b485e1ef-eea6-4b69-8933-1ef6b08720a9"},{"properties":{"policyType":"Custom","policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/test1","type":"Microsoft.Authorization/policyDefinitions","name":"test1"},{"properties":{"displayName":"jilim - mg no sub","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/51c286c0-25b6-4a16-b53b-208fd346d285","type":"Microsoft.Authorization/policyDefinitions","name":"51c286c0-25b6-4a16-b53b-208fd346d285"},{"properties":{"displayName":"sdfsfsdfsdfsdf","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce093e","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce093e"},{"properties":{"displayName":"Azure - KeyVault Allowed Locations","policyType":"Custom","mode":"All","description":"Azure - KeyVault Allowed Locations","metadata":{"category":"Key Vault"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce08d5"},{"properties":{"displayName":"rohitbh - sql server threat detection","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660","type":"Microsoft.Authorization/policyDefinitions","name":"99b560dc-8924-4ba4-8467-adf1fdf04660"},{"properties":{"displayName":"Audit - storage account SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"Audited - skus","description":"The list of skus.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203","type":"Microsoft.Authorization/policyDefinitions","name":"ced9d1e5-109c-4e0b-a447-afbf649db203"},{"properties":{"displayName":"Audit - virtual machines SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"List - Of Allowed SKUs","description":"The list of allowed locations for resources.","strongType":"vmSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a","type":"Microsoft.Authorization/policyDefinitions","name":"ced9d1e5-109c-4e0b-a447-afbf649db22a"},{"properties":{"displayName":"carolyn - location on mg test1","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/022d9357-5a90-46f7-9554-21d30ce4c32d","type":"Microsoft.Authorization/policyDefinitions","name":"022d9357-5a90-46f7-9554-21d30ce4c32d"},{"properties":{"displayName":"Paige - and Haishi say that Managed Disk is Required","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id","equals":""}]},{"field":"tags.environment","equals":"Prod"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/0cd998fe-ceeb-43ae-b6ca-be6b9b093845","type":"Microsoft.Authorization/policyDefinitions","name":"0cd998fe-ceeb-43ae-b6ca-be6b9b093845"},{"properties":{"displayName":"Audit - East US location","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"field":"location","in":"[parameters(''allowedLocations'')]"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/0f6988e2-f000-4793-b8ef-02ed2b8fa049","type":"Microsoft.Authorization/policyDefinitions","name":"0f6988e2-f000-4793-b8ef-02ed2b8fa049"},{"properties":{"displayName":"custom - allowed values","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Allowed - location","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"]},"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Allowed - storage SKUs","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Allowed - storage SKU","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedTags":{"type":"Array","metadata":{"displayName":"Allowed - tags","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Allowed - tag","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"]}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","equals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/15ffe5ee-6e86-4ee6-96ca-20990f8c7202","type":"Microsoft.Authorization/policyDefinitions","name":"15ffe5ee-6e86-4ee6-96ca-20990f8c7202"},{"properties":{"displayName":"rohitbh: - Definition to be deleted.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/1a4d4a82-b0a9-4860-b066-a990a2d0116d","type":"Microsoft.Authorization/policyDefinitions","name":"1a4d4a82-b0a9-4860-b066-a990a2d0116d"},{"properties":{"displayName":"[Audit] - Test policy in MG","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec","type":"Microsoft.Authorization/policyDefinitions","name":"20929e43-ae09-4aac-b8ce-05a42434a1ec"},{"properties":{"displayName":"Audit - storage sku","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Storage - SKUs","description":"The list of storage SKUs.","strongType":"storageSkus"}},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Storage - SKU","description":"The storage SKU.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''allowedStorageSKUs'')]"},{"field":"location","equals":"[parameters(''allowedStorageSKU'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a9af","type":"Microsoft.Authorization/policyDefinitions","name":"20929e43-ae09-4aac-b8ce-05a42434a9af"},{"properties":{"displayName":"Enforce - tag and its value on resource groups","policyType":"Custom","mode":"All","description":"Enforces - a required tag and its value on resource groups.","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"description":"Name - of the tag, such as costCenter","strongType":"tagName"}},"tagValue":{"type":"String","metadata":{"description":"Value - of the tag, such as headquarter","strongType":"tagValue"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"not":{"field":"[concat(''tags['',parameters(''tagName''), - '']'')]","equals":"[parameters(''tagValue'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/2730ec21-8461-41e9-b2ad-d218259d5027","type":"Microsoft.Authorization/policyDefinitions","name":"2730ec21-8461-41e9-b2ad-d218259d5027"},{"properties":{"displayName":"Audit - storage accounts open to all public network","policyType":"Custom","mode":"All","parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notequals":"Deny"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/39ffa2bb-a9d5-436d-9a79-db5dd635e0f5","type":"Microsoft.Authorization/policyDefinitions","name":"39ffa2bb-a9d5-436d-9a79-db5dd635e0f5"},{"properties":{"displayName":"VMs - with no Managed Disk","policyType":"Custom","mode":"all","description":"Deny - all VMs with no Managed Disk","metadata":{"category":"General"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id","notlike":"*"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/5361f680-fa96-49ef-9be2-a58d8d797571","type":"Microsoft.Authorization/policyDefinitions","name":"5361f680-fa96-49ef-9be2-a58d8d797571"},{"properties":{"displayName":"Audit - allowed resource groups","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed - resource groups","description":"The list of allowed resource groups.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"not":{"field":"Tags.resourceGroup","in":"[parameters(''allowedResourceGroups'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/72c0c41a-c752-4bc0-9c61-0d6adc567066","type":"Microsoft.Authorization/policyDefinitions","name":"72c0c41a-c752-4bc0-9c61-0d6adc567066"},{"properties":{"displayName":"OMS - workspace test","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"omsWorkspace":{"type":"String","metadata":{"displayName":"OMS - Workspace","description":"The list of OMS Workspaces.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"field":"location","equals":"[parameters(''omsWorkspace'')]"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9c1ba477-ff0c-41ea-8a5d-826c4ca18208","type":"Microsoft.Authorization/policyDefinitions","name":"9c1ba477-ff0c-41ea-8a5d-826c4ca18208"},{"properties":{"displayName":"test","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9e86943a-258f-4b19-9671-24ceaa5e306a","type":"Microsoft.Authorization/policyDefinitions","name":"9e86943a-258f-4b19-9671-24ceaa5e306a"},{"properties":{"displayName":"Carolyn - mg definition test1","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/a2c0414b-82e4-459d-97d5-94c79a89232c","type":"Microsoft.Authorization/policyDefinitions","name":"a2c0414b-82e4-459d-97d5-94c79a89232c"},{"properties":{"displayName":"Parameters - and allowed values","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"locations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array)","description":"The list of locations for resources.","strongType":"location"}},"location":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string)","description":"The location for resources.","strongType":"location"}},"resourceGroups":{"type":"Array","metadata":{"displayName":"Strong - type (array)","description":"The list of resource groups.","strongType":"existingResourceGroups"}},"resourceGroup":{"type":"String","metadata":{"displayName":"Strong - type (string)","description":"The resource group.","strongType":"existingResourceGroups"}},"tags":{"type":"Array","metadata":{"displayName":"Non - strong type (array)","description":"The list of tags."}},"tag":{"type":"String","metadata":{"displayName":"Non - strong type (string)","description":"The tag."}},"allowedLocations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array, av)","description":"The list of allowed locations for - resources.","strongType":"location"},"allowedValues":["eastus","westus","southus","eastus2","uksouth","japaneast","westcentralus","canadacentral","indiacentral"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string, av)","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus","eastus2","uksouth","japaneast","westcentralus","canadacentral","indiacentral"]},"allowedStorageSkus":{"type":"Array","metadata":{"displayName":"Strong - type (array, av)","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSku":{"type":"String","metadata":{"displayName":"Strong - type (string, av)","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedTags":{"type":"Array","metadata":{"displayName":"Non - strong type (array, av)","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Non - strong type (string, av)","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"]}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''locations'')]"},{"field":"location","equals":"[parameters(''location'')]"},{"field":"location","in":"[parameters(''resourceGroups'')]"},{"field":"location","equals":"[parameters(''resourceGroup'')]"},{"field":"location","in":"[parameters(''tags'')]"},{"field":"location","equals":"[parameters(''tag'')]"},{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","equals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/e6440295-d0ac-472b-949b-1cf289618198","type":"Microsoft.Authorization/policyDefinitions","name":"e6440295-d0ac-472b-949b-1cf289618198"}]}'} + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"}]}'} + headers: + cache-control: [no-cache] + content-length: ['216265'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:43:27 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [account management-group delete] + Connection: [keep-alive] + Content-Length: ['0'] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + accept-language: [en-US] + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management/register?api-version=2018-05-01 + response: + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} + headers: + cache-control: [no-cache] + content-length: ['1468'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:43:29 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: [Accept-Encoding] + x-content-type-options: [nosniff] + x-ms-ratelimit-remaining-subscription-writes: ['1199'] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [account management-group delete] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management?api-version=2018-05-01 + response: + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} + headers: + cache-control: [no-cache] + content-length: ['1468'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:43:39 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + vary: [Accept-Encoding] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + Cache-Control: [no-cache] + CommandName: [account management-group delete] + Connection: [keep-alive] + Content-Length: ['0'] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + accept-language: [en-US] + method: DELETE + uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview + response: + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"NotStarted"}'} + headers: + cache-control: [no-cache] + content-length: ['208'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 07:43:41 GMT'] + expires: ['-1'] + location: ['https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview'] + pragma: [no-cache] + request-id: [d0776ea5-ac3e-4d1e-8438-d68d91a4b865] + server: [Microsoft-IIS/8.5] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] + x-content-type-options: [nosniff] + x-ms-ratelimit-remaining-tenant-writes: ['1199'] + x-powered-by: [ASP.NET] + status: {code: 202, message: Accepted} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [account management-group delete] + Connection: [keep-alive] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + method: GET + uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview + response: + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded"}'} headers: cache-control: [no-cache] - content-length: ['192069'] + content-length: ['207'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:53 GMT'] + date: ['Tue, 27 Nov 2018 07:43:52 GMT'] expires: ['-1'] pragma: [no-cache] + request-id: [afe525a3-3de4-4042-95e9-db53dea2a0e9] + server: [Microsoft-IIS/8.5] strict-transport-security: [max-age=31536000; includeSubDomains] transfer-encoding: [chunked] vary: ['Accept-Encoding,Accept-Encoding'] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] x-content-type-options: [nosniff] + x-powered-by: [ASP.NET] status: {code: 200, message: OK} - request: body: null @@ -1564,9 +1879,10 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--name --yes --no-wait] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policy_management_group000001?api-version=2018-05-01 @@ -1575,9 +1891,9 @@ interactions: headers: cache-control: [no-cache] content-length: ['0'] - date: ['Mon, 22 Oct 2018 19:40:53 GMT'] + date: ['Tue, 27 Nov 2018 07:43:54 GMT'] expires: ['-1'] - location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZOjVGTUFOQUdFTUVOVDo1RkdST1VQMzdVVkxUSnw3NUI5QUQxQUYwMUJCNDNFLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] + location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZOjVGTUFOQUdFTUVOVDo1RkdST1VQTDdSR1hBNnw2NUVCRDhGRUNDRTBEMDNDLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] x-content-type-options: [nosniff] diff --git a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml index 69fe26fe9bc..d34e1a72fc0 100644 --- a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml +++ b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_default.yaml @@ -1,7 +1,7 @@ interactions: - request: - body: '{"location": "westus", "tags": {"product": "azurecli", "cause": "automation", - "date": "2018-10-22T19:37:48Z"}}' + body: '{"tags": {"date": "2018-11-27T05:04:44Z", "product": "azurecli", "cause": + "automation"}, "location": "westus"}' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -9,19 +9,20 @@ interactions: Connection: [keep-alive] Content-Length: ['110'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--location --name --tag] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policyset000001?api-version=2018-05-01 response: - body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001","name":"cli_test_policyset000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-10-22T19:37:48Z"},"properties":{"provisioningState":"Succeeded"}}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001","name":"cli_test_policyset000001","location":"westus","tags":{"date":"2018-11-27T05:04:44Z","product":"azurecli","cause":"automation"},"properties":{"provisioningState":"Succeeded"}}'} headers: cache-control: [no-cache] content-length: ['384'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:37:53 GMT'] + date: ['Tue, 27 Nov 2018 05:04:46 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -29,11 +30,11 @@ interactions: x-ms-ratelimit-remaining-subscription-writes: ['1199'] status: {code: 201, message: Created} - request: - body: 'b''{"properties": {"displayName": "test_policy000003", "description": "desc_for_test_policy_123", - "policyRule": {"if": {"not": {"field": "location", "in": "[parameters(\''allowedLocations\'')]"}}, - "then": {"effect": "deny"}}, "parameters": {"allowedLocations": {"type": "array", - "metadata": {"description": "The list of locations that can be specified when - deploying resources", "strongType": "location", "displayName": "Allowed locations"}}}}}''' + body: 'b''{"properties": {"policyRule": {"if": {"not": {"in": "[parameters(\''allowedLocations\'')]", + "field": "location"}}, "then": {"effect": "deny"}}, "description": "desc_for_test_policy_123", + "parameters": {"allowedLocations": {"metadata": {"strongType": "location", "description": + "The list of locations that can be specified when deploying resources", "displayName": + "Allowed locations"}, "type": "array"}}, "displayName": "test_policy000003"}}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -41,20 +42,21 @@ interactions: Connection: [keep-alive] Content-Length: ['440'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --rules --params --display-name --description] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['670'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:37:56 GMT'] + date: ['Tue, 27 Nov 2018 05:04:48 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -62,11 +64,9 @@ interactions: x-ms-ratelimit-remaining-subscription-writes: ['1199'] status: {code: 201, message: Created} - request: - body: 'b''b\''{"properties": {"displayName": "test_policyset000005", "description": - "desc_for_test_policyset_123", "policyDefinitions": [{"policyDefinitionId": - "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", + body: 'b''b\''{"properties": {"policyDefinitions": [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", - "westus"]}}}]}}\''''' + "westus"]}}}], "displayName": "test_policyset000005", "description": "desc_for_test_policyset_123"}}\''''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -74,18 +74,19 @@ interactions: Connection: [keep-alive] Content-Length: ['385'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --definitions --display-name --description] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","description":"desc_for_test_policyset_123","policyDefinitions":[{"policyDefinitionReferenceId":"4247430667449036087","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","description":"desc_for_test_policyset_123","policyDefinitions":[{"policyDefinitionReferenceId":"900353541108509014","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} headers: cache-control: [no-cache] - content-length: ['684'] + content-length: ['683'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:37:57 GMT'] + date: ['Tue, 27 Nov 2018 05:04:49 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -100,18 +101,19 @@ interactions: CommandName: [policy set-definition update] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --display-name --description] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","description":"desc_for_test_policyset_123","policyDefinitions":[{"policyDefinitionReferenceId":"4247430667449036087","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","description":"desc_for_test_policyset_123","policyDefinitions":[{"policyDefinitionReferenceId":"900353541108509014","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} headers: cache-control: [no-cache] - content-length: ['684'] + content-length: ['683'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:37:57 GMT'] + date: ['Tue, 27 Nov 2018 05:04:50 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -120,11 +122,9 @@ interactions: x-content-type-options: [nosniff] status: {code: 200, message: OK} - request: - body: 'b''b\''{"properties": {"displayName": "test_policyset000005_new", "description": - "desc_for_test_policyset_123_new", "policyDefinitions": [{"policyDefinitionId": - "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", + body: 'b''b\''{"properties": {"policyDefinitions": [{"policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", - "westus"]}}}]}}\''''' + "westus"]}}}], "displayName": "test_policyset000005_new", "description": "desc_for_test_policyset_123_new"}}\''''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -132,18 +132,19 @@ interactions: Connection: [keep-alive] Content-Length: ['393'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --display-name --description] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"4247430667449036087","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"900353541108509014","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} headers: cache-control: [no-cache] - content-length: ['692'] + content-length: ['691'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:37:59 GMT'] + date: ['Tue, 27 Nov 2018 05:04:51 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -160,8 +161,8 @@ interactions: CommandName: [policy set-definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2018-03-01 @@ -292,6 +293,12 @@ interactions: disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor remove external accounts with read permissions","description":"Enable or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteComplete","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteCompleteEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInAppServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInAppServiceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","parameters":{"effect":{"value":"[parameters(''sqlEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","parameters":{"effect":{"value":"[parameters(''sqlAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"storageEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{"effect":{"value":"[parameters(''storageEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Preview]: + Audit applications inside Windows VMs","policyType":"BuiltIn","description":"http://aka.ms/gcpol. + This initiative will both deploy the VM extension and audit applications inside + Windows VMs.","metadata":{"category":"Guest Configuration"},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplication'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1","type":"Microsoft.Authorization/policySetDefinitions","name":"25ef9b72-4af2-4501-acd1-fc814e73dde1"},{"properties":{"displayName":"[Preview]: Audit Password security settings inside Linux and Windows virtual machines","policyType":"BuiltIn","description":"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms @@ -302,39 +309,37 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: + Enable Azure Monitor for VM Scale Sets (VMSS)","policyType":"BuiltIn","description":"Enable + Azure Monitor for the VM Scale Sets in the specified scope (Management group, + Subscription or resource group). Takes Log Analytics workspace as parameter. + Note: if your scale set upgradePolicy is set to Manual, you need to apply + the extension to the all VMs in the set by calling upgrade on them. In CLI + this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics_1":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_VMSS_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_VMSS_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad","type":"Microsoft.Authorization/policySetDefinitions","name":"75714362-cae7-409e-9b99-a8e5075b7fad"},{"properties":{"displayName":"[Preview]: Audit web server security settings inside Windows VMs","policyType":"BuiltIn","description":"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.","metadata":{"category":"Guest Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"policyDefinitionReferenceId":"Audit_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c","type":"Microsoft.Authorization/policySetDefinitions","name":"8bc55e6b-e9d5-4266-8dac-f688d151ec9c"},{"properties":{"displayName":"[Preview]: Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.","metadata":{"category":"Security - Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","type":"Microsoft.Authorization/policySetDefinitions","name":"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"},{"properties":{"displayName":"Enforce - VM Port Lockdown","policyType":"Custom","description":"Enforces that specific - port ranges have access restricted to either CorpNet or SAW (depending on - source IP range chosen during assignment)","metadata":{"category":"Port Lockdown","parameterScopes":{"access":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"SOURCEADDRESSPREFIXES_1":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":null}}},"policyDefinitions":[{"policyDefinitionReferenceId":"5930870351761903477","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["3389","3389-3390"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"14554220312663270802","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["5986","5985","5985-5986"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"9245329265770241913","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["22","22-22","22-23"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"17233112498738905251","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["23"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"11847028610508251009","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["1433"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"5782128531867937477","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["445"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"6932989581576954984","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["135"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"797444469315623872","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086","parameters":{"destinationPortRanges":{"value":["3389","3389-3390","5986","5985","5985-5986","22","22-22","22-23","23","1433","445","135"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"6167651208609008778","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321","parameters":{}},{"policyDefinitionReferenceId":"5487397055645750292","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]}}},{"policyDefinitionReferenceId":"5721159336579598604","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]},"priority":{"value":"3997"},"access":{"value":"Allow"},"name":{"value":"PortLockdown_ControlledPorts_Restrict"}}},{"policyDefinitionReferenceId":"783328307102833297","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":["VirtualNetwork"]},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]},"priority":{"value":"3998"},"access":{"value":"Allow"},"name":{"value":"PortLockdown_ControlledPorts_AllowVnet"}}},{"policyDefinitionReferenceId":"13264874163570265928","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":["*"]},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]},"priority":{"value":"3999"},"access":{"value":"Deny"},"name":{"value":"PortLockdown_ControlledPorts_Deny"}}},{"policyDefinitionReferenceId":"10868451132156218171","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":["*"]},"destinationPortRanges":{"value":["*"]},"priority":{"value":"4000"},"access":{"value":"Allow"},"name":{"value":"PortLockdown_AllowAll"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115","type":"Microsoft.Authorization/policySetDefinitions","name":"20c4afd0-8a77-4433-b8b0-4ad06e4c7115"},{"properties":{"displayName":"cosmosdb - new aliases test","policyType":"Custom","metadata":{"category":"Test"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"5701618597132748228","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0","parameters":{}},{"policyDefinitionReferenceId":"9148562625737659571","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7","parameters":{}},{"policyDefinitionReferenceId":"1317257300482699336","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd","parameters":{}},{"policyDefinitionReferenceId":"636235743263978372","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce","parameters":{}},{"policyDefinitionReferenceId":"6540762518326135304","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160","parameters":{}},{"policyDefinitionReferenceId":"16237668974108817340","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164","type":"Microsoft.Authorization/policySetDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd164"},{"properties":{"displayName":"rohitbh: - Initiative containing some definitions with deployIfNotExists effect","policyType":"Custom","metadata":{"category":"Test"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"9705281775767545600","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6","parameters":{}},{"policyDefinitionReferenceId":"3301615874834833614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd","type":"Microsoft.Authorization/policySetDefinitions","name":"471eddb2-9421-4b81-8a25-3a0b849544dd"},{"properties":{"displayName":"Policy - tracked resources SDK tests","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"6346022531429970426","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","type":"Microsoft.Authorization/policySetDefinitions","name":"71289c53-22e7-4f31-a6dd-780b532380c6"},{"properties":{"displayName":"jilim - allowed set","policyType":"Custom","metadata":{"category":"Test"},"parameters":{"LISTOFALLOWEDSKUS_1":{"type":"Array","metadata":{"displayName":"Allowed - SKUs","strongType":"VMSKUs"}},"LISTOFRESOURCETYPESNOTALLOWED_1":{"type":"Array","metadata":{"displayName":"Not - allowed resource types","strongType":"resourceTypes"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"8962248944013962433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","parameters":{"listOfAllowedSKUs":{"value":"[parameters(''LISTOFALLOWEDSKUS_1'')]"}}},{"policyDefinitionReferenceId":"13081098409154781365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","parameters":{"listOfResourceTypesNotAllowed":{"value":"[parameters(''LISTOFRESOURCETYPESNOTALLOWED_1'')]"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096","type":"Microsoft.Authorization/policySetDefinitions","name":"762007ec-c5ba-41ae-a52d-db0834bea096"},{"properties":{"displayName":"jilim - rt group set","policyType":"Custom","description":"1","metadata":{"category":"Test","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"ALLOWEDTYPES_1":{"type":"Array","metadata":{"displayName":"Allowed - resource types","description":null,"strongType":"resourceTypes"},"allowedValues":["Microsoft.EventGrid/domains","Microsoft.EventGrid/domains/topics","Microsoft.EventGrid/locations"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"18341726042324576950","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","parameters":{"listOfResourceTypesAllowed":{"value":["Microsoft.Cdn/checkNameAvailability","Microsoft.Cdn/checkResourceUsage","Microsoft.Cdn/profiles"]}}},{"policyDefinitionReferenceId":"1359233886895761531","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba","parameters":{"allowedTypes":{"value":"[parameters(''ALLOWEDTYPES_1'')]"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1","type":"Microsoft.Authorization/policySetDefinitions","name":"82d42e20-f682-48dc-95b1-144f0963f0c1"},{"properties":{"displayName":"tags","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"9736595915162791837","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","parameters":{"tagName":{"value":"t1"},"tagValue":{"value":"t1v"}}},{"policyDefinitionReferenceId":"5376449293497609056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","parameters":{"tagName":{"value":"t2"},"tagValue":{"value":"t2v"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0","type":"Microsoft.Authorization/policySetDefinitions","name":"875cf75e-49c3-47f8-ab8d-89ba3d2311a0"},{"properties":{"displayName":"ComplianceTestInitiative","policyType":"Custom","description":"Compliance - test initiative ","metadata":{"category":"Compliance test"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"4047897157028507992","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","parameters":{"allowedLocations":{"value":["eastus"]}}},{"policyDefinitionReferenceId":"4859121137597195236","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","parameters":{"allowedLocations":{"value":["centralus"]}}},{"policyDefinitionReferenceId":"8935913113203900114","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","parameters":{"allowedLocations":{"value":["eastus2"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad","type":"Microsoft.Authorization/policySetDefinitions","name":"a03db67e-a286-43c3-9098-b2da83d361ad"},{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"4247430667449036087","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"},{"properties":{"displayName":"test_sandipsh123","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002","type":"Microsoft.Authorization/policySetDefinitions","name":"db6c5074-a529-4cc8-8882-43f10ef42002"},{"properties":{"displayName":"MuratTest","policyType":"Custom","metadata":{"category":"Security - Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and it''s value","parameters":{"tagName":{"value":"murat"},"tagValue":{"value":"ersan"}}},{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{}},{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and its value","parameters":{"tagName":{"value":"testupdate"},"tagValue":{"value":"ignite"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f","type":"Microsoft.Authorization/policySetDefinitions","name":"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f"},{"properties":{"displayName":"Initiative - with my parameterized effect policy","policyType":"Custom","metadata":{"category":"camarvin","parameterScopes":{"logAnalytics":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"EFFECT_1":{"type":"String","metadata":{"displayName":"Initiative - effect","description":null},"defaultValue":"audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"16025301204423402856","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","parameters":{"effect":{"value":"audit"}}},{"policyDefinitionReferenceId":"15232055014610564026","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","parameters":{"effect":{"value":"[parameters(''EFFECT_1'')]"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078","type":"Microsoft.Authorization/policySetDefinitions","name":"e6884163-54c6-4f5e-9570-9e4cbd95b078"},{"properties":{"displayName":"rohitbh: - Initiative with parameterized deployIfNotExists","policyType":"Custom","metadata":{"category":"Test","parameterScopes":{"namePattern":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"LOGANALYTICS_1":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","strongType":"omsWorkspace"}},"EFFECT_1":{"type":"String","metadata":{"displayName":"Effect","strongType":"omsWorkspace"},"allowedValues":["deployIfNotExists","disabled"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"7548235847093577126","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","parameters":{"logAnalytics":{"value":"[parameters(''LOGANALYTICS_1'')]"},"effect":{"value":"[parameters(''EFFECT_1'')]"}}},{"policyDefinitionReferenceId":"94784994378515624","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","parameters":{"namePattern":{"value":"one"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd","type":"Microsoft.Authorization/policySetDefinitions","name":"fbcd550f-aeec-40fc-b92f-96aece1f50cd"}]}'} + Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","type":"Microsoft.Authorization/policySetDefinitions","name":"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"},{"properties":{"displayName":"test_policysetwxjo4i","policyType":"Custom","description":"desc_for_test_policyset_123_new","parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"17488445668941566688","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset6rniub","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset6rniub"},{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"900353541108509014","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}]}'} headers: cache-control: [no-cache] - content-length: ['60683'] + content-length: ['49152'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:37:59 GMT'] + date: ['Tue, 27 Nov 2018 05:04:53 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -350,18 +355,19 @@ interactions: CommandName: [policy set-definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"4247430667449036087","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"900353541108509014","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} headers: cache-control: [no-cache] - content-length: ['692'] + content-length: ['691'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:00 GMT'] + date: ['Tue, 27 Nov 2018 05:04:54 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -377,18 +383,19 @@ interactions: CommandName: [policy assignment create] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-d -n --display-name -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"4247430667449036087","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"900353541108509014","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} headers: cache-control: [no-cache] - content-length: ['692'] + content-length: ['691'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:01 GMT'] + date: ['Tue, 27 Nov 2018 05:04:55 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -397,10 +404,10 @@ interactions: x-content-type-options: [nosniff] status: {code: 200, message: OK} - request: - body: 'b''b\''b\\\''{"properties": {"displayName": "test_assignment000007", "policyDefinitionId": - "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004", - "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001"}, - "sku": {"name": "A0", "tier": "Free"}}\\\''\''''' + body: 'b''b\''b\\\''{"sku": {"name": "A0", "tier": "Free"}, "properties": {"scope": + "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001", + "policyDefinitionId": "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004", + "displayName": "test_assignment000007"}}\\\''\''''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -408,8 +415,9 @@ interactions: Connection: [keep-alive] Content-Length: ['412'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-d -n --display-name -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000006?api-version=2018-03-01 @@ -419,7 +427,7 @@ interactions: cache-control: [no-cache] content-length: ['745'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:02 GMT'] + date: ['Tue, 27 Nov 2018 05:04:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -435,8 +443,9 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n -g] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset000001/providers/Microsoft.Authorization/policyAssignments/azurecli-test-policy-assignment000006?api-version=2018-03-01 @@ -446,7 +455,7 @@ interactions: cache-control: [no-cache] content-length: ['745'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:03 GMT'] + date: ['Tue, 27 Nov 2018 05:04:57 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -463,135 +472,19 @@ interactions: CommandName: [policy assignment list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--disable-scope-strict-match] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments?api-version=2018-03-01 response: - body: {string: '{"value":[{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"chegg: - Remediation powershell test policy","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Chris - Eggert","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/2deae24764b447c29af7c309","type":"Microsoft.Authorization/policyAssignments","name":"2deae24764b447c29af7c309"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Attempt - service bus","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/e5c4e1c88be34db1bc8b2046","type":"Microsoft.Authorization/policyAssignments","name":"e5c4e1c88be34db1bc8b2046"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"ASC - Default (subscription: d0610b27-9663-4c05-89f8-5b4be01e86a5)","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000","parameters":{"diagnosticsLogsInServiceFabricMonitoringEffect":{"value":"AuditIfNotExists"},"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"}},"description":"This - policy assignment was automatically created by Azure Security Center","metadata":{"assignedBy":"Security - Center"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyAssignments/SecurityCenterBuiltIn","type":"Microsoft.Authorization/policyAssignments","name":"SecurityCenterBuiltIn"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/896b553d68384e2a9d8a2f67","type":"Microsoft.Authorization/policyAssignments","name":"896b553d68384e2a9d8a2f67"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testImageId","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a12728ff6d5f4f1f8555f05a","type":"Microsoft.Authorization/policyAssignments","name":"a12728ff6d5f4f1f8555f05a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Allowed - Location Indexed - eastasia","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["centralus"]}},"description":"test - 1","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/a63772a0504c4466a7558f76","type":"Microsoft.Authorization/policyAssignments","name":"a63772a0504c4466a7558f76"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Do_not_Delete_Assignment","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"allowedLocations":{"value":["EUS, - WEU"]}},"description":"this is used for testing purpose, do not delete it.","metadata":{"assignedBy":"Sandip - Shahane"}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/b7a1ca2596524e3ab19597f2","type":"Microsoft.Authorization/policyAssignments","name":"b7a1ca2596524e3ab19597f2"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Not - allowed resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{"listOfResourceTypesNotAllowed":{"value":["Microsoft.Storage/storageAccounts"]}},"description":"test - ","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{"listOfResourceTypesNotAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/c0e2b84ed8224fe684fb0487","type":"Microsoft.Authorization/policyAssignments","name":"c0e2b84ed8224fe684fb0487"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"test_sandipsh123","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/fafa9611e2ad4da19e8af8b9","type":"Microsoft.Authorization/policyAssignments","name":"fafa9611e2ad4da19e8af8b9"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testblah3","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipsh-rg1/providers/Microsoft.Authorization/policyAssignments/testblah3","type":"Microsoft.Authorization/policyAssignments","name":"testblah3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"inherit - all tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/6fb4cdaa7959425791446915","type":"Microsoft.Authorization/policyAssignments","name":"6fb4cdaa7959425791446915"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"camarvin - oms vm linux parameterized effect (with manually modified MI)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"logAnalytics":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/jilimpolicytest/providers/microsoft.operationalinsights/workspaces/jilimpolicyws"},"effect":{"value":"deployIfNotExists"}},"description":"Has - a manually modified Managed Identity with correct permissions\n\nSteps to - add permissions:\n1. Powershell: Get-AzureRmADServicePrincipal -ObjectId 055b8b93-56ec-43d6-8ba0-ede402de7fa0\n2: - Copy the \"DisplayName\" \n\n3. In azure portal: subscriptions => IAM => Add - => Search for \"DisplayName\" \n4. Add \"Log Analytics Contributor\"","metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{"logAnalytics":"/subscriptions/00000000-0000-0000-0000-000000000000","effect":"/subscriptions/00000000-0000-0000-0000-000000000000"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7a29f3e24c224adaa05ace42","type":"Microsoft.Authorization/policyAssignments","name":"7a29f3e24c224adaa05ace42"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"9_11_18 - security center","policyDefinitionId":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","notScopes":[],"parameters":{"systemUpdatesMonitoringEffect":{"value":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"value":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"value":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"value":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"value":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"value":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"value":"Audit"},"jitNetworkAccessMonitoringEffect":{"value":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"value":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"value":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInAppServiceMonitoringEffect":{"value":"Audit"},"encryptionOfAutomationAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"metricAlertsInBatchAccountMonitoringEffect":{"value":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"value":"Audit"},"classicStorageAccountsMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInEventHubMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"value":"AuditIfNotExists"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"value":"AuditIfNotExists"},"aadAuthenticationInServiceFabricMonitoringEffect":{"value":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"value":"AuditIfNotExists"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"value":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"value":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"value":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"value":"AuditIfNotExists"},"useRbacRulesMonitoringEffect":{"value":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubNamespaceMonitoringEffect":{"value":"Audit"},"accessRulesInEventHubMonitoringEffect":{"value":"AuditIfNotExists"}},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/7fc35fcaccba4ce6a1dab6b3","type":"Microsoft.Authorization/policyAssignments","name":"7fc35fcaccba4ce6a1dab6b3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin","parameters":{"namePattern":{"value":""}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin/providers/Microsoft.Authorization/policyAssignments/camarvin-empty","type":"Microsoft.Authorization/policyAssignments","name":"camarvin-empty"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Allowed - resource types","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["Microsoft.AzureActiveDirectory/operations","Microsoft.AzureStack/registrations/customerSubscriptions","Microsoft.Batch/locations/quotas","Microsoft.BatchAI/fileservers","Microsoft.BatchAI/locations/operationstatuses","Microsoft.BatchAI/locations/usages","Microsoft.BatchAI/operations","Microsoft.Billing/BillingPeriods","Microsoft.Cdn/operationresults/profileresults/endpointresults/customdomainresults","Microsoft.Cdn/operations","Microsoft.Cdn/profiles/endpoints","Microsoft.ClassicNetwork/reservedIps","Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies","Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings","Microsoft.Compute/locations/publishers","Microsoft.Compute/operations","Microsoft.ContainerRegistry/registries/regenerateCredentials","Microsoft.ContainerRegistry/registries/webhooks","Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig","Microsoft.DBforPostgreSQL/checkNameAvailability","Microsoft.DBforPostgreSQL/locations","Microsoft.DBforPostgreSQL/locations/azureAsyncOperation","Microsoft.DataMigration/locations/checkNameAvailability","Microsoft.DataMigration/locations/operationStatuses","Microsoft.DataMigration/services","Microsoft.DynamicsLcs/operations","Microsoft.EventGrid/extensionTopics","Microsoft.Network/dnszones"]}},"description":"This - policy ensures that only approves resource types can be deployed.","metadata":{"assignedBy":"Liz - Kim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/Test/providers/Microsoft.Authorization/policyAssignments/5d78e6eb576241ee898e7450","type":"Microsoft.Authorization/policyAssignments","name":"5d78e6eb576241ee898e7450"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere-sdk-tests/providers/Microsoft.Authorization/policyAssignments/18c66454099644de94931534","type":"Microsoft.Authorization/policyAssignments","name":"18c66454099644de94931534"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"robgatest","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgasatest/providers/Microsoft.Authorization/policyAssignments/c7509a25e71345a69af498de","type":"Microsoft.Authorization/policyAssignments","name":"c7509a25e71345a69af498de"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"Audit - allowed locations","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"allowedLocations":{"value":["koreacentral","koreasouth"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/39ecf6a6f4c84656a087acb9","type":"Microsoft.Authorization/policyAssignments","name":"39ecf6a6f4c84656a087acb9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - Allowed resource types group","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{"listOfResourceTypesAllowed":{"value":["stackify.retrace/services","Microsoft.DataLakeStore/accounts","Microsoft.DataLakeStore/accounts/firewallRules"]}},"description":"3","metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/46a9fc53b1f8417b9a260977","type":"Microsoft.Authorization/policyAssignments","name":"46a9fc53b1f8417b9a260977"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest/providers/Microsoft.Authorization/policyAssignments/a130362e761140cfb54de097","type":"Microsoft.Authorization/policyAssignments","name":"a130362e761140cfb54de097"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"rohitbh: - Initiative containing some definitions with deployIfNotExists effect","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Rohit - Bhardwaj","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rohitbhtest/providers/Microsoft.Authorization/policyAssignments/a4798059d8b545ca9d3a9bf4","type":"Microsoft.Authorization/policyAssignments","name":"a4798059d8b545ca9d3a9bf4"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"RobgaDataFactoryTest","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Robert - Gao","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgaTestEUS/providers/Microsoft.Authorization/policyAssignments/14c147c3c5e64680ba18065f","type":"Microsoft.Authorization/policyAssignments","name":"14c147c3c5e64680ba18065f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7","parameters":{"listOfAllowedSKUs":{"value":["Standard_LRS"]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/ea7ac87c-b242-4ed1-b49f-ca12d59175e7/providers/Microsoft.Authorization/policyAssignments/storageAccountSku","type":"Microsoft.Authorization/policyAssignments","name":"storageAccountSku"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83686598","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/10c375d4213549ca943b5507","type":"Microsoft.Authorization/policyAssignments","name":"10c375d4213549ca943b5507"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","description":"aaza"},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/147a06ff85c644e1a06bb389","type":"Microsoft.Authorization/policyAssignments","name":"147a06ff85c644e1a06bb389"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny on ''test'' tag","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/22865d87f97b4dfe89a81509","type":"Microsoft.Authorization/policyAssignments","name":"22865d87f97b4dfe89a81509"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"docdb_aliases_test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/2eae45fa1fcd4da1ab3a076a","type":"Microsoft.Authorization/policyAssignments","name":"2eae45fa1fcd4da1ab3a076a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage - ip rules append 2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/3614109c79cb40b5b6aee5be","type":"Microsoft.Authorization/policyAssignments","name":"3614109c79cb40b5b6aee5be"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"elpere - deny test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/44b5ca6aeab545c3aab8e23b","type":"Microsoft.Authorization/policyAssignments","name":"44b5ca6aeab545c3aab8e23b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/45b097d59dd441908f7a3f1f","type":"Microsoft.Authorization/policyAssignments","name":"45b097d59dd441908f7a3f1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/5fc81fe96c7148a2a6677065","type":"Microsoft.Authorization/policyAssignments","name":"5fc81fe96c7148a2a6677065"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"NSG - Rules exists test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/69541cb19f7448f9b016f351","type":"Microsoft.Authorization/policyAssignments","name":"69541cb19f7448f9b016f351"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Policy - tracked resources SDK tests","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"description":"asdasd","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/abb5adbb7b394308957c1a77","type":"Microsoft.Authorization/policyAssignments","name":"abb5adbb7b394308957c1a77"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"cosmosdb - new aliases test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/d6e82e15ff484a3bad53adbf","type":"Microsoft.Authorization/policyAssignments","name":"d6e82e15ff484a3bad53adbf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e68b39995d0e4bb8807f71ae","type":"Microsoft.Authorization/policyAssignments","name":"e68b39995d0e4bb8807f71ae"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/e9cfe872284b49aeba2f45b7","type":"Microsoft.Authorization/policyAssignments","name":"e9cfe872284b49aeba2f45b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"[elpere] - DeployInNotExistsRunnersWithoutIdentity","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere","metadata":{"assignedBy":"Elad - Perets","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.Authorization/policyAssignments/elpereDeployInNotExistsRunnersWithoutIdentity","type":"Microsoft.Authorization/policyAssignments","name":"elpereDeployInNotExistsRunnersWithoutIdentity"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"allowedOS","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3","notScopes":[],"parameters":{"listOfAllowedWindows":{"value":["2016-Datacenter"]},"listOfAllowedUbuntus":{"value":["16.04 - Lts"]}},"description":"a","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/sandipshrg3/providers/Microsoft.Authorization/policyAssignments/ce50243878b84aee93c86e73","type":"Microsoft.Authorization/policyAssignments","name":"ce50243878b84aee93c86e73"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value test","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"2018-07-25T00:53:12Z"},"tagValue":{"value":"2018-07-25T00:53:12.3067173Z - "}},"metadata":{"assignedBy":"Narine Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/400aff512a774d8782cbfb08","type":"Microsoft.Authorization/policyAssignments","name":"400aff512a774d8782cbfb08"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - 2 defaultValue: all parameters","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"tags":{"value":["London","New - York"]},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/46b2dd438ab547eaa10e2bc3","type":"Microsoft.Authorization/policyAssignments","name":"46b2dd438ab547eaa10e2bc3"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - Enforce tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"name"},"tagValue":{"value":"value"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/77fec4647f8442e3b7ce96db","type":"Microsoft.Authorization/policyAssignments","name":"77fec4647f8442e3b7ce96db"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"narinem - - defaultValue: all parameters with overwrites","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"locations":{"value":["eastus","westus","eastus2","centralus"]},"location":{"value":"eastus"},"resourceGroups":{"value":["camarvin"]},"resourceGroup":{"value":"camarvin"},"allowedLocations":{"value":["eastus"]},"allowedLocation":{"value":"eastus"},"allowedStorageSKUs":{"value":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"value":"Standard_LRS"},"allowedTags":{"value":["FirstName","LastName","Age"]},"allowedTag":{"value":"FirstName"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{"locations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","location":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroups":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","resourceGroup":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedLocation":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKUs":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","allowedStorageSKU":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/78a2dfec07014d659619515d","type":"Microsoft.Authorization/policyAssignments","name":"78a2dfec07014d659619515d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Enforce - tag and its value","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh","notScopes":[],"parameters":{"tagName":{"value":"er"},"tagValue":{"value":"wete"}},"metadata":{"assignedBy":"Narine - Mossikyan","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/argh/providers/Microsoft.Authorization/policyAssignments/beb85152cea0475ba4942c26","type":"Microsoft.Authorization/policyAssignments","name":"beb85152cea0475ba4942c26"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"adding - this to help custmomer for incident 86230190","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/2b3657d96b224ee3a708d815","type":"Microsoft.Authorization/policyAssignments","name":"2b3657d96b224ee3a708d815"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"audits - if a resource doesn''t have a lock","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/4c15b85c96404165be04889e","type":"Microsoft.Authorization/policyAssignments","name":"4c15b85c96404165be04889e"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86230190","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190","notScopes":[],"parameters":{},"description":"reproing - incident 86230190","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86230190/providers/Microsoft.Authorization/policyAssignments/d2101b18c58142acafa06f07","type":"Microsoft.Authorization/policyAssignments","name":"d2101b18c58142acafa06f07"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting1","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"t2"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/1227b506064144338d0fd256","type":"Microsoft.Authorization/policyAssignments","name":"1227b506064144338d0fd256"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipsh3"},"alertDescription":{"value":"This - is test 3 policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"This - is a test assignment created using \"testSandipsh metric alert policy3\" policy - definition.","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/123a95223c214e4eaf7b88d9","type":"Microsoft.Authorization/policyAssignments","name":"123a95223c214e4eaf7b88d9"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"detect - ''allow All'' NSG rule","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Liz - Kim","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/4710061986c740bb92427daf","type":"Microsoft.Authorization/policyAssignments","name":"4710061986c740bb92427daf"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"tags","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/57f3f848f38346ea8614463f","type":"Microsoft.Authorization/policyAssignments","name":"57f3f848f38346ea8614463f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Audit - existence of a tag2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"env"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/8b3c4695be824259a66370e1","type":"Microsoft.Authorization/policyAssignments","name":"8b3c4695be824259a66370e1"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"[Preview]: - Apply Diagnostic Settings for Network Security Groups","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"storagePrefix":{"value":"testSandipsh"},"rgName":{"value":"testSandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{"rgName":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/b72ec05b04624c87b35e5d97","type":"Microsoft.Authorization/policyAssignments","name":"b72ec05b04624c87b35e5d97"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"storage_httpsTrafficOnly_testSandipshRG","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/bc650b603c02494bb890837e","type":"Microsoft.Authorization/policyAssignments","name":"bc650b603c02494bb890837e"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"testSandipsh - metric alert policy Assignment1","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts1"},"alertNamePrefix":{"value":"testSandipshPrefix"},"alertDescription":{"value":"this - is dummy alert"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/e2737c4f650a4c569ad6df20","type":"Microsoft.Authorization/policyAssignments","name":"e2737c4f650a4c569ad6df20"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Apply - tag and its default value conflicting","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"tagName":{"value":"tagName"},"tagValue":{"value":"tag1"}},"metadata":{"assignedBy":"Sandip - Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/f45d12be72f4471f84f6b47f","type":"Microsoft.Authorization/policyAssignments","name":"f45d12be72f4471f84f6b47f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"testSandipsh.Assignment.draft","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh","notScopes":[],"parameters":{"resourceType":{"value":"Microsoft.Storage/storageAccounts"},"alertNamePrefix":{"value":"testSandipsh.draft"},"alertDescription":{"value":"This - is test draft policy assignment"},"alertSeverity":{"value":"4"},"isEnabled":{"value":"true"},"metricName":{"value":"Transactions"},"operator":{"value":"GreaterThan"},"threshold":{"value":"1"},"timeAggregation":{"value":"Total"},"windowSize":{"value":"PT5M"},"evaluationFrequency":{"value":"PT1M"},"actionGroupId":{"value":"/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/default-activitylogalerts/providers/microsoft.insights/actiongroups/sandipsh"}},"description":"test - assignment","metadata":{"assignedBy":"Sandip Shahane","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/testSandipsh/providers/Microsoft.Authorization/policyAssignments/testSandipsh.Assignment.draft","type":"Microsoft.Authorization/policyAssignments","name":"testSandipsh.Assignment.draft"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"joelpo-Audit - VMs that do not use managed disks","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup","notScopes":[],"parameters":{},"description":"test_rg_assignment","metadata":{"assignedBy":"Joel - Pothering","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/joelpogroup/providers/Microsoft.Authorization/policyAssignments/7df9280324ba4f41a41ce08a","type":"Microsoft.Authorization/policyAssignments","name":"7df9280324ba4f41a41ce08a"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"Test - storage alias","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Camille - Marvin","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/camarvin-asr/providers/Microsoft.Authorization/policyAssignments/a164f0ceb98d474685ecf9ab","type":"Microsoft.Authorization/policyAssignments","name":"a164f0ceb98d474685ecf9ab"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim - allowed set","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"LISTOFALLOWEDSKUS_1":{"value":["Basic_A0"]},"LISTOFRESOURCETYPESNOTALLOWED_1":{"value":["Microsoft.Network/networkSecurityGroups","Aspera.Transfers/listCommunicationPreference"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"LISTOFALLOWEDSKUS_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","LISTOFRESOURCETYPESNOTALLOWED_1":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/8828df941b124d42841bfe69","type":"Microsoft.Authorization/policyAssignments","name":"8828df941b124d42841bfe69"},{"sku":{"name":"A1","tier":"Standard"},"properties":{"displayName":"jilimpolicytest2 - Allowed locations","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2","notScopes":[],"parameters":{"listOfAllowedLocations":{"value":["japanwest","japaneast"]}},"metadata":{"assignedBy":"Jin - Soon Lim","parameterScopes":{"listOfAllowedLocations":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/jilimpolicytest2/providers/Microsoft.Authorization/policyAssignments/e9860612d8ec4a469f59af06","type":"Microsoft.Authorization/policyAssignments","name":"e9860612d8ec4a469f59af06"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v2","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"second - attempt to repro the incident ","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/3f1e5705173546d59712ba1f","type":"Microsoft.Authorization/policyAssignments","name":"3f1e5705173546d59712ba1f"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"jilim-incident-86226837-fix","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/49f23c95c52242f5b9762c0d","type":"Microsoft.Authorization/policyAssignments","name":"49f23c95c52242f5b9762c0d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86226837","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/631306c13e2f42b3abc414b7","type":"Microsoft.Authorization/policyAssignments","name":"631306c13e2f42b3abc414b7"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86318519","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"reproing - incident 86318519","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e1e4cc3cbdfb435b9268cd4b","type":"Microsoft.Authorization/policyAssignments","name":"e1e4cc3cbdfb435b9268cd4b"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-86226837-v3","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837","notScopes":[],"parameters":{},"description":"3rd","metadata":{"assignedBy":"Akif - Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-86226837/providers/Microsoft.Authorization/policyAssignments/e992cf28e75942d3a66e894d","type":"Microsoft.Authorization/policyAssignments","name":"e992cf28e75942d3a66e894d"},{"sku":{"name":"A0","tier":"Free"},"properties":{"displayName":"akhe-incident-85944710-combined","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","scope":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710","notScopes":[],"parameters":{"locationNames":{"value":["westus","westus2","West - US"]}},"description":"combined policy.","metadata":{"assignedBy":"Akif Heren","parameterScopes":{}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/akhe-incident-85944710/providers/Microsoft.Authorization/policyAssignments/e67bd210931a420a87f41ad5","type":"Microsoft.Authorization/policyAssignments","name":"e67bd210931a420a87f41ad5"}]}'} + body: {string: '{"value":[]}'} headers: cache-control: [no-cache] - content-length: ['57104'] + content-length: ['12'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:04 GMT'] + date: ['Tue, 27 Nov 2018 05:04:59 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -608,25 +501,26 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"4247430667449036087","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"900353541108509014","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} headers: cache-control: [no-cache] - content-length: ['692'] + content-length: ['691'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:05 GMT'] + date: ['Tue, 27 Nov 2018 05:05:01 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] transfer-encoding: [chunked] vary: ['Accept-Encoding,Accept-Encoding'] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-subscription-deletes: ['14999'] + x-ms-ratelimit-remaining-subscription-deletes: ['14998'] status: {code: 200, message: OK} - request: body: null @@ -636,8 +530,8 @@ interactions: CommandName: [policy set-definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions?api-version=2018-03-01 @@ -768,6 +662,12 @@ interactions: disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor remove external accounts with read permissions","description":"Enable or disable the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteComplete","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteCompleteEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInAppServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInAppServiceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","parameters":{"effect":{"value":"[parameters(''sqlEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","parameters":{"effect":{"value":"[parameters(''sqlAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"storageEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{"effect":{"value":"[parameters(''storageEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Preview]: + Audit applications inside Windows VMs","policyType":"BuiltIn","description":"http://aka.ms/gcpol. + This initiative will both deploy the VM extension and audit applications inside + Windows VMs.","metadata":{"category":"Guest Configuration"},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","parameters":{"installedApplication":{"value":"[parameters(''installedApplication'')]"}}},{"policyDefinitionReferenceId":"Audit_InstalledApp","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/25ef9b72-4af2-4501-acd1-fc814e73dde1","type":"Microsoft.Authorization/policySetDefinitions","name":"25ef9b72-4af2-4501-acd1-fc814e73dde1"},{"properties":{"displayName":"[Preview]: Audit Password security settings inside Linux and Windows virtual machines","policyType":"BuiltIn","description":"http://aka.ms/gcpol. This policy will audit password security settings inside Linux and Windows virtual machines. For a list of individual settings, please follow the aka.ms @@ -778,39 +678,37 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: + Enable Azure Monitor for VM Scale Sets (VMSS)","policyType":"BuiltIn","description":"Enable + Azure Monitor for the VM Scale Sets in the specified scope (Management group, + Subscription or resource group). Takes Log Analytics workspace as parameter. + Note: if your scale set upgradePolicy is set to Manual, you need to apply + the extension to the all VMs in the set by calling upgrade on them. In CLI + this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics_1":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"},"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VMSS_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","parameters":{"listOfImageIdToInclude":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_VMSS_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_VMSS_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","parameters":{"listOfImageIdToInclude_windows":{"value":"[parameters(''listOfImageIdToInclude_windows'')]"},"listOfImageIdToInclude_linux":{"value":"[parameters(''listOfImageIdToInclude_linux'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad","type":"Microsoft.Authorization/policySetDefinitions","name":"75714362-cae7-409e-9b99-a8e5075b7fad"},{"properties":{"displayName":"[Preview]: Audit web server security settings inside Windows VMs","policyType":"BuiltIn","description":"http://aka.ms/gcpol. This initiative will both deploy the VM extension and audit web server security settings inside Windows VMs.","metadata":{"category":"Guest Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"policyDefinitionReferenceId":"Audit_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c","type":"Microsoft.Authorization/policySetDefinitions","name":"8bc55e6b-e9d5-4266-8dac-f688d151ec9c"},{"properties":{"displayName":"[Preview]: Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier.","metadata":{"category":"Security - Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","type":"Microsoft.Authorization/policySetDefinitions","name":"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"},{"properties":{"displayName":"Enforce - VM Port Lockdown","policyType":"Custom","description":"Enforces that specific - port ranges have access restricted to either CorpNet or SAW (depending on - source IP range chosen during assignment)","metadata":{"category":"Port Lockdown","parameterScopes":{"access":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"SOURCEADDRESSPREFIXES_1":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":null}}},"policyDefinitions":[{"policyDefinitionReferenceId":"5930870351761903477","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["3389","3389-3390"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"14554220312663270802","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["5986","5985","5985-5986"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"9245329265770241913","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["22","22-22","22-23"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"17233112498738905251","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["23"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"11847028610508251009","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["1433"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"5782128531867937477","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["445"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"6932989581576954984","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","parameters":{"destinationPortRanges":{"value":["135"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"797444469315623872","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086","parameters":{"destinationPortRanges":{"value":["3389","3389-3390","5986","5985","5985-5986","22","22-22","22-23","23","1433","445","135"]},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"}}},{"policyDefinitionReferenceId":"6167651208609008778","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321","parameters":{}},{"policyDefinitionReferenceId":"5487397055645750292","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]}}},{"policyDefinitionReferenceId":"5721159336579598604","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":"[parameters(''SOURCEADDRESSPREFIXES_1'')]"},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]},"priority":{"value":"3997"},"access":{"value":"Allow"},"name":{"value":"PortLockdown_ControlledPorts_Restrict"}}},{"policyDefinitionReferenceId":"783328307102833297","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":["VirtualNetwork"]},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]},"priority":{"value":"3998"},"access":{"value":"Allow"},"name":{"value":"PortLockdown_ControlledPorts_AllowVnet"}}},{"policyDefinitionReferenceId":"13264874163570265928","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":["*"]},"destinationPortRanges":{"value":["3389-3390","5985-5986","22","23","1433","445","135"]},"priority":{"value":"3999"},"access":{"value":"Deny"},"name":{"value":"PortLockdown_ControlledPorts_Deny"}}},{"policyDefinitionReferenceId":"10868451132156218171","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","parameters":{"nsgPrefix":{"value":"PortLockdown"},"sourceAddressPrefixes":{"value":["*"]},"destinationPortRanges":{"value":["*"]},"priority":{"value":"4000"},"access":{"value":"Allow"},"name":{"value":"PortLockdown_AllowAll"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7115","type":"Microsoft.Authorization/policySetDefinitions","name":"20c4afd0-8a77-4433-b8b0-4ad06e4c7115"},{"properties":{"displayName":"cosmosdb - new aliases test","policyType":"Custom","metadata":{"category":"Test"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"5701618597132748228","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0","parameters":{}},{"policyDefinitionReferenceId":"9148562625737659571","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7","parameters":{}},{"policyDefinitionReferenceId":"1317257300482699336","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd","parameters":{}},{"policyDefinitionReferenceId":"636235743263978372","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce","parameters":{}},{"policyDefinitionReferenceId":"6540762518326135304","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160","parameters":{}},{"policyDefinitionReferenceId":"16237668974108817340","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/37501145-d01b-4bc8-92d0-c795a19fd164","type":"Microsoft.Authorization/policySetDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd164"},{"properties":{"displayName":"rohitbh: - Initiative containing some definitions with deployIfNotExists effect","policyType":"Custom","metadata":{"category":"Test"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"9705281775767545600","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6","parameters":{}},{"policyDefinitionReferenceId":"3301615874834833614","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}},{"policyDefinitionReferenceId":"8044870099827093134","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/471eddb2-9421-4b81-8a25-3a0b849544dd","type":"Microsoft.Authorization/policySetDefinitions","name":"471eddb2-9421-4b81-8a25-3a0b849544dd"},{"properties":{"displayName":"Policy - tracked resources SDK tests","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"6346022531429970426","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/71289c53-22e7-4f31-a6dd-780b532380c6","type":"Microsoft.Authorization/policySetDefinitions","name":"71289c53-22e7-4f31-a6dd-780b532380c6"},{"properties":{"displayName":"jilim - allowed set","policyType":"Custom","metadata":{"category":"Test"},"parameters":{"LISTOFALLOWEDSKUS_1":{"type":"Array","metadata":{"displayName":"Allowed - SKUs","strongType":"VMSKUs"}},"LISTOFRESOURCETYPESNOTALLOWED_1":{"type":"Array","metadata":{"displayName":"Not - allowed resource types","strongType":"resourceTypes"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"8962248944013962433","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","parameters":{"listOfAllowedSKUs":{"value":"[parameters(''LISTOFALLOWEDSKUS_1'')]"}}},{"policyDefinitionReferenceId":"13081098409154781365","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","parameters":{"listOfResourceTypesNotAllowed":{"value":"[parameters(''LISTOFRESOURCETYPESNOTALLOWED_1'')]"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/762007ec-c5ba-41ae-a52d-db0834bea096","type":"Microsoft.Authorization/policySetDefinitions","name":"762007ec-c5ba-41ae-a52d-db0834bea096"},{"properties":{"displayName":"jilim - rt group set","policyType":"Custom","description":"1","metadata":{"category":"Test","parameterScopes":{"listOfResourceTypesAllowed":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"ALLOWEDTYPES_1":{"type":"Array","metadata":{"displayName":"Allowed - resource types","description":null,"strongType":"resourceTypes"},"allowedValues":["Microsoft.EventGrid/domains","Microsoft.EventGrid/domains/topics","Microsoft.EventGrid/locations"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"18341726042324576950","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","parameters":{"listOfResourceTypesAllowed":{"value":["Microsoft.Cdn/checkNameAvailability","Microsoft.Cdn/checkResourceUsage","Microsoft.Cdn/profiles"]}}},{"policyDefinitionReferenceId":"1359233886895761531","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba","parameters":{"allowedTypes":{"value":"[parameters(''ALLOWEDTYPES_1'')]"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/82d42e20-f682-48dc-95b1-144f0963f0c1","type":"Microsoft.Authorization/policySetDefinitions","name":"82d42e20-f682-48dc-95b1-144f0963f0c1"},{"properties":{"displayName":"tags","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"9736595915162791837","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","parameters":{"tagName":{"value":"t1"},"tagValue":{"value":"t1v"}}},{"policyDefinitionReferenceId":"5376449293497609056","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","parameters":{"tagName":{"value":"t2"},"tagValue":{"value":"t2v"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/875cf75e-49c3-47f8-ab8d-89ba3d2311a0","type":"Microsoft.Authorization/policySetDefinitions","name":"875cf75e-49c3-47f8-ab8d-89ba3d2311a0"},{"properties":{"displayName":"ComplianceTestInitiative","policyType":"Custom","description":"Compliance - test initiative ","metadata":{"category":"Compliance test"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"4047897157028507992","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","parameters":{"allowedLocations":{"value":["eastus"]}}},{"policyDefinitionReferenceId":"4859121137597195236","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","parameters":{"allowedLocations":{"value":["centralus"]}}},{"policyDefinitionReferenceId":"8935913113203900114","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","parameters":{"allowedLocations":{"value":["eastus2"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/a03db67e-a286-43c3-9098-b2da83d361ad","type":"Microsoft.Authorization/policySetDefinitions","name":"a03db67e-a286-43c3-9098-b2da83d361ad"},{"properties":{"displayName":"test_sandipsh123","policyType":"Custom","metadata":{},"parameters":{},"policyDefinitions":[{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/db6c5074-a529-4cc8-8882-43f10ef42002","type":"Microsoft.Authorization/policySetDefinitions","name":"db6c5074-a529-4cc8-8882-43f10ef42002"},{"properties":{"displayName":"MuratTest","policyType":"Custom","metadata":{"category":"Security - Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and it''s value","parameters":{"tagName":{"value":"murat"},"tagValue":{"value":"ersan"}}},{"policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{}},{"policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and its value","parameters":{"tagName":{"value":"testupdate"},"tagValue":{"value":"ignite"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f","type":"Microsoft.Authorization/policySetDefinitions","name":"e4a08f18-4e3e-47af-a2eb-cc96d8c9a01f"},{"properties":{"displayName":"Initiative - with my parameterized effect policy","policyType":"Custom","metadata":{"category":"camarvin","parameterScopes":{"logAnalytics":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"EFFECT_1":{"type":"String","metadata":{"displayName":"Initiative - effect","description":null},"defaultValue":"audit"}},"policyDefinitions":[{"policyDefinitionReferenceId":"16025301204423402856","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","parameters":{"effect":{"value":"audit"}}},{"policyDefinitionReferenceId":"15232055014610564026","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","parameters":{"effect":{"value":"[parameters(''EFFECT_1'')]"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/e6884163-54c6-4f5e-9570-9e4cbd95b078","type":"Microsoft.Authorization/policySetDefinitions","name":"e6884163-54c6-4f5e-9570-9e4cbd95b078"},{"properties":{"displayName":"rohitbh: - Initiative with parameterized deployIfNotExists","policyType":"Custom","metadata":{"category":"Test","parameterScopes":{"namePattern":"/subscriptions/00000000-0000-0000-0000-000000000000"}},"parameters":{"LOGANALYTICS_1":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","strongType":"omsWorkspace"}},"EFFECT_1":{"type":"String","metadata":{"displayName":"Effect","strongType":"omsWorkspace"},"allowedValues":["deployIfNotExists","disabled"]}},"policyDefinitions":[{"policyDefinitionReferenceId":"7548235847093577126","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","parameters":{"logAnalytics":{"value":"[parameters(''LOGANALYTICS_1'')]"},"effect":{"value":"[parameters(''EFFECT_1'')]"}}},{"policyDefinitionReferenceId":"94784994378515624","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","parameters":{"namePattern":{"value":"one"}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/fbcd550f-aeec-40fc-b92f-96aece1f50cd","type":"Microsoft.Authorization/policySetDefinitions","name":"fbcd550f-aeec-40fc-b92f-96aece1f50cd"}]}'} + Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","type":"Microsoft.Authorization/policySetDefinitions","name":"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"},{"properties":{"displayName":"test_policysetwxjo4i","policyType":"Custom","description":"desc_for_test_policyset_123_new","parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"17488445668941566688","policyDefinitionId":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset6rniub","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset6rniub"}]}'} headers: cache-control: [no-cache] - content-length: ['59990'] + content-length: ['48460'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:15 GMT'] + date: ['Tue, 27 Nov 2018 05:05:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -827,20 +725,21 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"strongType":"location","description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} headers: cache-control: [no-cache] content-length: ['670'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:16 GMT'] + date: ['Tue, 27 Nov 2018 05:05:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -857,8 +756,8 @@ interactions: CommandName: [policy definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 @@ -870,7 +769,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -884,7 +785,7 @@ interactions: days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit + Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -893,7 +794,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -910,21 +813,36 @@ interactions: that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + Deploy VM extension to audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"Include + this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft + Azure Managed Service Identity, and required content to audit applications + inside Windows VMs must be present.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"WhitelistedApplication","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[Parameters(''installedApplication'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), + ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Audit transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Audit use of classic virtual machines","policyType":"BuiltIn","mode":"All","description":"Use @@ -961,7 +879,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]: Audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This @@ -1002,13 +920,17 @@ interactions: is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -1030,7 +952,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + it.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"Audit enablement of encryption of Automation account variables","policyType":"BuiltIn","mode":"All","description":"It @@ -1046,7 +968,31 @@ interactions: Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Deploy + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"},{"properties":{"displayName":"Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log @@ -1094,7 +1040,9 @@ interactions: parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"[Preview]: Audit maximum number of owners for a subscription","policyType":"BuiltIn","mode":"All","description":"It @@ -1108,13 +1056,39 @@ interactions: Audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"[Preview]: + Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"[Preview]: Audit external accounts with write permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Allow + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Preview]: + Audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"This + policy will audit instances of applications running inside Windows virtual + machines, to verify that the application exists.","metadata":{"category":"Guest + Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow resource creation only in India data centers","policyType":"BuiltIn","description":"Allows resource creation in the following locations only: West India, South India, Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"[Preview]: Audit external accounts with read permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -1152,7 +1126,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + password can be reused.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","description":"This policy enables @@ -1168,7 +1142,16 @@ interactions: vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"Audit + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list + defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -1181,7 +1164,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit @@ -1195,7 +1178,7 @@ interactions: retention (days)","description":"The required diagnostic logs retention in days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"},{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), + transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"},{"properties":{"displayName":"[Preview]: Monitor missing system updates in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Missing security system updates on your servers will be monitored by Azure Security @@ -1212,7 +1195,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor @@ -1304,7 +1287,7 @@ interactions: Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"Audit enabling of diagnostic logs for Search service","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -1363,6 +1346,13 @@ interactions: which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]: + Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security @@ -1391,7 +1381,7 @@ interactions: Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + with empty passwords is disabled.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions","policyType":"BuiltIn","mode":"Indexed","description":"Include @@ -1400,7 +1390,7 @@ interactions: the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports @@ -1454,405 +1444,70 @@ interactions: Monitor SQL vulnerability assessment results in Azure Security Center","policyType":"BuiltIn","mode":"Indexed","description":"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"storage_httpsTrafficOnly","policyType":"Custom","mode":"All","metadata":{"category":"Demo"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","type":"Microsoft.Authorization/policyDefinitions","name":"023217dd-81bb-461f-93ea-8799caac50c7"},{"properties":{"displayName":"test_allowedlocation","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/05bf225f-806e-496d-802c-9d6bc548b0bc","type":"Microsoft.Authorization/policyDefinitions","name":"05bf225f-806e-496d-802c-9d6bc548b0bc"},{"properties":{"displayName":"akif - incident - 85944710","policyType":"Custom","mode":"All","description":"reproing - incident 85944710\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\n","metadata":{"category":"akhe"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af12870bd"},{"properties":{"displayName":"akhe-incident-86226837-v2","policyType":"Custom","mode":"All","description":"second - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af1287abe"},{"properties":{"displayName":"testSandipsh - metric alert policy","policyType":"Custom","mode":"All","description":"test","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"123c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"jilim-incident-86226837-fix","policyType":"Custom","mode":"all","description":"1 - - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallRules"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","type":"Microsoft.Authorization/policyDefinitions","name":"15358dd8-671e-4c96-be33-2b668791418f"},{"properties":{"displayName":"Attempt - service bus","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Insights/logProfiles"},{"anyOf":[{"field":"Microsoft.Insights/logProfiles/serviceBusRuleId","exists":"false"}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","type":"Microsoft.Authorization/policyDefinitions","name":"163c640e-681c-445f-92ba-cd434bd8c11c"},{"properties":{"displayName":"jilim - exists2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.zyx","exists":"false"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc","type":"Microsoft.Authorization/policyDefinitions","name":"17d43473-870f-4bc8-93c6-3961fa1d91cc"},{"properties":{"displayName":"inherit - all tags","policyType":"Custom","mode":"All","metadata":{"category":"tags"},"parameters":{},"policyRule":{"if":{"field":"tags","exists":"false"},"then":{"effect":"append","details":[{"field":"tags","value":"[resourceGroup().tags]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","type":"Microsoft.Authorization/policyDefinitions","name":"1e3c9312-c011-40a3-ac40-3bf3ddc24120"},{"properties":{"displayName":"Allowed - resource group locations","policyType":"Custom","mode":"All","description":"Allowed - resource group locations","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4","type":"Microsoft.Authorization/policyDefinitions","name":"1f20036f-28c3-48f3-9266-05d50fe391f4"},{"properties":{"displayName":"docdb_aliases_test","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","type":"Microsoft.Authorization/policyDefinitions","name":"1f5360b7-fe59-43f7-8af5-825df420d09c"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs","policyType":"Custom","mode":"All","description":"Ovewrites - security rules with IP restrictions at the securityRule level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23"}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","equals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","equals":""}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullRuleName":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"priority":{"type":"int"}},"resources":[{"name":"[parameters(''fullRuleName'')]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-02-01","properties":{"protocol":"*","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","sourcePortRange":"*","destinationPortRange":"[last(parameters(''destinationPortRanges''))]","access":"Allow","direction":"Inbound","priority":"[parameters(''priority'')]"}}]},"parameters":{"fullRuleName":{"value":"[field(''fullName'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"priority":{"value":"[field(''Microsoft.Network/networksecurityGroups/securityRules/priority'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","type":"Microsoft.Authorization/policyDefinitions","name":"20c4afd0-8a77-4433-b8b0-4ad06e4c7111"},{"properties":{"displayName":"Deploy - NSGs on Subnets","policyType":"Custom","mode":"All","description":"Enforce - that all subnets have a Network Security Group. If a subnet does not have - one an NSG with the default Internet Exposed Endpoint restrictions will be - created and associated with it.","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string to apply to all automatically - created network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges must not overlap."}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"false"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","equals":""}]}]},{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","exists":"false"},{"not":{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","notEquals":"null"}}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullResourceName":{"type":"string"},"resourceName":{"type":"string"},"location":{"type":"string"},"nsgPrefix":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"}},"variables":{"nsgName":"[concat(parameters(''nsgPrefix''), - ''-'', parameters(''location''))]","vnetName":"[split(parameters(''fullResourceName''), - ''/'')[0]]","vnetResourceId":"[resourceId(''Microsoft.Network/virtualNetworks'', - variables(''vnetName''))]","getVnetDeploymentName":"[concat(''getVnet-'', - variables(''vnetName''))]","collectSubnetsDeploymentName":"[concat(''collectSubnets-'', - variables(''vnetName''))]","overwriteVnetDeploymentName":"[concat(''overwriteVnet-'', - variables(''vnetName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getVnetDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"vnetProperties":{"type":"object","value":"[reference(variables(''vnetResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"name":"[variables(''nsgName'')]","type":"Microsoft.Network/networkSecurityGroups","apiVersion":"2018-03-01","location":"[parameters(''location'')]","properties":{"securityRules":[{"name":"PortLockdown_ControlledPorts_Restrict","properties":{"description":"Allow - controlled port connections from specific IP ranges (either corpnet or SAW)","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","access":"Allow","priority":3997,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_AllowVnet","properties":{"description":"Allow - controlled port connections from within the VNET","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"VirtualNetwork","destinationAddressPrefix":"*","access":"Allow","priority":3998,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_Deny","properties":{"description":"Deny - any controlled port connections that aren''t explicitly allowed in higher - priority rules","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":3999,"direction":"Inbound"}},{"name":"PortLockdown_AllowAll","properties":{"description":"Allow - all inbound traffic that isn''t explicitly blocked by Port Lockdown restrictions","protocol":"*","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":4000,"direction":"Inbound"}}]}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectSubnetsDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"nsgResourceId":{"value":"[resourceid(''Microsoft.Network/networkSecurityGroups'', - variables(''nsgName''))]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}},{"dependsOn":["[variables(''nsgName'')]"],"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteVnetDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"location":{"value":"[parameters(''location'')]"},"updatedSubnets":{"value":"[reference(variables(''collectSubnetsDeploymentName'')).outputs.updatedSubnets.value]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}}]},"parameters":{"fullResourceName":{"value":"[field(''fullName'')]"},"resourceName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"nsgPrefix":{"value":"[parameters(''nsgPrefix'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288","type":"Microsoft.Authorization/policyDefinitions","name":"210ed8bd-6b07-4d5e-a62c-c34f07293288"},{"properties":{"displayName":"Audit - existence of a tag2","policyType":"Custom","mode":"All","description":"Audits - that a required tag is present on resources","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":null}}},"policyRule":{"if":{"field":"tags","notcontainsKey":"[parameters(''tagName'')]"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","type":"Microsoft.Authorization/policyDefinitions","name":"24813039-7534-408a-9842-eb99f45721b1"},{"properties":{"displayName":"camarvin - oms vm linux parameterized effect","policyType":"Custom","mode":"all","metadata":{},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list","strongType":"omsWorkspace"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Select - Log Analytics workspace from dropdown list","strongType":"omsWorkspace"},"allowedValues":["deployIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), - ''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), - ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","type":"Microsoft.Authorization/policyDefinitions","name":"263f13f4-6b88-4788-bead-34beedde70ce"},{"properties":{"displayName":"akhe-incident-85944710-v2","policyType":"Custom","mode":"all","description":"2nd - attempt on this policy. ","metadata":{"category":"akhe"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","notIn":"[parameters(''allowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd60841400"},{"properties":{"displayName":"akhe-incident-85944710-combined","policyType":"Custom","mode":"all","description":"the - combined policy attempt for both cosmos db cases. ","metadata":{},"parameters":{"locationNames":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","In":"[parameters(''locationNames'')]"}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd6084180f"},{"properties":{"displayName":"storage - ip rules append 2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.ipRules","value":[{"value":"8.8.8.8","action":"Allow"}]}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","type":"Microsoft.Authorization/policyDefinitions","name":"2b2317a7-ab02-47b5-8159-eb7e6227709f"},{"properties":{"displayName":"[demo] - Enforce KeyVault diagnostic log storage","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"[tolower(concat(''cheggkv'', - parameters(''location'')))]"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''cheggremdemo'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d","type":"Microsoft.Authorization/policyDefinitions","name":"332ce4ac-9200-4573-8c66-92b85fc82c8d"},{"properties":{"displayName":"audit_cosmosdb_enableAutomaticFailover","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover","equals":"false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0a0"},{"properties":{"displayName":"audit_cosmosdb_defaultConsistencyLevel","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0b7"},{"properties":{"displayName":"audit_cosmosdb_readLocations","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0bd"},{"properties":{"displayName":"audit_cosmosdb_writeLocations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0ce"},{"properties":{"displayName":"audit_cosmosdb_failoverPolicies","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd160"},{"properties":{"displayName":"jilim - recovery services vaults test","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"vault":{"type":"String","metadata":{"displayName":"Recovery - Services Vault","description":"The Recovery Services Vault.","strongType":"Microsoft.RecoveryServices/vaults"}},"vaults":{"type":"Array","metadata":{"displayName":"Recovery - Services Vaults","description":"The list of Recovery Services Vaults.","strongType":"Microsoft.RecoveryServices/vaults"}}},"policyRule":{"if":{"allOf":[{"field":"location","equals":"[parameters(''vault'')]"},{"field":"location","in":"[parameters(''vaults'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb","type":"Microsoft.Authorization/policyDefinitions","name":"3b2c1b0f-63c5-4943-8578-6d37fbe411bb"},{"properties":{"displayName":"Name - should have prefix and suffix","policyType":"Custom","description":"Name should - have prefix and suffix","parameters":{"prefix":{"type":"String","metadata":{"displayName":"The - prefix","description":"The name prefix"},"allowedValues":[]},"suffix":{"type":"String","metadata":{"displayName":"The - suffix","description":"The name suffix."},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"name","like":"[concat(parameters(''prefix''), - ''*'', parameters(''suffix''))]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007","type":"Microsoft.Authorization/policyDefinitions","name":"3e275e2e-a157-4ade-8f91-43b3ea370007"},{"properties":{"displayName":"Restrict - VM skus","policyType":"Custom","mode":"All","description":"Restricts allowed - VM skus to a predefined regex","parameters":{"allowedSkuTemplate":{"type":"String","metadata":{"displayName":"Allowed - VM sku template","description":"The VM sku template. Supports wildcards via - ''*''"}}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/sku.name","like":"[parameters(''allowedSkuTemplate'')]"},{"field":"type","equals":"Microsoft.Compute/virtualMachines"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e34c8"},{"properties":{"displayName":"Audit - storage account SKU","policyType":"Custom","mode":"All","description":"Audits - the use of storage account SKUs that don''t meet organizational cost policy.","parameters":{"listOfAllowedSkus":{"type":"Array","metadata":{"displayName":"List - of allowed SKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSkus'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e3682"},{"properties":{"displayName":"RobgaDataFactoryTest1","policyType":"Custom","mode":"all","description":"RobgaDataFactoryTest","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataFactory/factories"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/workspaceId","equals":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","type":"Microsoft.Authorization/policyDefinitions","name":"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9"},{"properties":{"displayName":"Enforce - autoUpgrade on VM/VMSS extensions","policyType":"Custom","mode":"All","description":"Denies - any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to - true.","metadata":{},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","notEquals":"true"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","notEquals":"true"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f772"},{"properties":{"displayName":"Append - autoUpgrade to VM extensions","policyType":"Custom","mode":"All","description":"Automatically - enabled autoUpgradeMinorVersion on VM extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f783"},{"properties":{"displayName":"Append - autoUpgrade to VM scale set extensions","policyType":"Custom","mode":"All","description":"Automatically - appends autoUpgradeMinorVersion=true to VMSS extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f7a3"},{"properties":{"displayName":"MSIT - - AppService must use serverFarm","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyOf":[{"field":"Microsoft.Web/sites/serverFarmId","exists":"false"},{"field":"Microsoft.Web/sites/serverFarmId","equals":""}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc12"},{"properties":{"displayName":"MSIT - - AppService serverFarm must have capacity > 1","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/serverFarms"},{"field":"Microsoft.Web/serverFarms/sku.capacity","in":["0","1"]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc23"},{"properties":{"displayName":"rohitbh: - Definition to be deleted.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190","type":"Microsoft.Authorization/policyDefinitions","name":"48ba81c1-0012-4796-8166-c2efb4304190"},{"properties":{"displayName":"Do_Not_Delete","policyType":"Custom","mode":"All","description":"This - policy is used for unit tests. Please do not delete it.","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","type":"Microsoft.Authorization/policyDefinitions","name":"4a0425e4-97bf-4ad0-ab36-145b94083c60"},{"properties":{"displayName":"ICM - 83686598","policyType":"Custom","mode":"All","description":"deny the creation - of storage if supportsHttpsTrafficOnly is false","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","type":"Microsoft.Authorization/policyDefinitions","name":"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175"},{"properties":{"displayName":"detect - ''allow All'' NSG rule","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","type":"Microsoft.Authorization/policyDefinitions","name":"4c915617-16f0-4c62-b021-e66d5409d11d"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers without role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"rohitbh"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332195"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers with role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"Test"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332199"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks without role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks with role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit","details":{"type":"Microsoft.Sql/servers/auditingSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3"},{"properties":{"displayName":"Ensure - auto-created NSG rules exist","policyType":"Custom","mode":"All","description":"Ensures - that security rules created in auto-created PortLockdown NSGs are not tampered - with","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string applied to automatically created - network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"Expected - IP restriction prefixes","description":"The IP ranges incoming traffic will - be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 - or *"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Expected - destination port ranges","description":"Destination port ranges requiring - IP restrictions in the expected security rule"}},"priority":{"type":"String","metadata":{"displayName":"Expected - priority","description":"The priority of the expected security rule."}},"access":{"type":"String","metadata":{"displayName":"Expected - access","description":"The access (allow/deny) of the expected security rule."},"allowedValues":["Allow","Deny"]},"name":{"type":"String","metadata":{"displayName":"Expected - name","description":"The name of the expected security rule."}}},"policyRule":{"if":{"allOf":[{"field":"name","equals":"[concat(parameters(''nsgPrefix''), - ''-'', field(''location''))]"},{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","equals":"[parameters(''priority'')]"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","in":"[parameters(''sourceAddressPrefixes'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":"[parameters(''sourceAddressPrefixes'')]"}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","in":"[parameters(''destinationPortRanges'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"[parameters(''access'')]"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"name":{"type":"string"},"priority":{"type":"string"},"access":{"type":"string"},"nsgName":{"type":"string"}},"variables":{"isSinglePrefix":"[equals(count(parameters(''sourceAddressPrefixes'')), - 1)]","isSinglePortRange":"[equals(count(parameters(''destinationPortRanges'')), - 1)]"},"resources":[{"name":"[concat(parameters(''nsgName''), ''/'', parameters(''name''))]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-03-01","properties":{"description":"Rule - auto-created by Internet Exposed Endpoints protection","protocol":"*","sourcePortRange":"*","destinationPortRange":"[if(variables(''isSinglePortRange''), - first(parameters(''destinationPortRanges'')), '''')]","destinationPortRanges":"[if(not(variables(''isSinglePortRange'')), - parameters(''destinationPortRanges''), json(''[]''))]","sourceAddressPrefix":"[if(variables(''isSinglePrefix''), - first(parameters(''sourceAddressPrefixes'')), '''')]","sourceAddressPrefixes":"[if(not(variables(''isSinglePrefix'')), - parameters(''sourceAddressPrefixes''), json(''[]''))]","destinationAddressPrefix":"*","access":"[parameters(''access'')]","priority":"[int(parameters(''priority''))]","direction":"Inbound"}}]},"parameters":{"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"name":{"value":"[parameters(''name'')]"},"priority":{"value":"[parameters(''priority'')]"},"access":{"value":"[parameters(''access'')]"},"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","type":"Microsoft.Authorization/policyDefinitions","name":"4f283ec4-25a9-46df-bbf2-806ed5a3e115"},{"properties":{"displayName":"rohitbh: - Deploy key vault KV_B if key vault KV_A does not exist.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6","type":"Microsoft.Authorization/policyDefinitions","name":"50e2972e-143c-4edf-9ef6-bee0f84212d6"},{"properties":{"displayName":"GokmenhAuditLocation","policyType":"Custom","mode":"all","description":"Audit - if not west us","metadata":{},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastus"]}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6","type":"Microsoft.Authorization/policyDefinitions","name":"5948d091-78b7-4d3b-a404-cc6a0329b0c6"},{"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Cache/Redis"},{"field":"Microsoft.Cache/Redis/sku.family","equals":"C"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"Whatever*"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"skuFamily":{"type":"string"},"enableNonSslPort":{"type":"string"},"nameField":{"type":"string"}},"resources":[],"outputs":{"skuFamilyOut":{"value":"[parameters(''skuFamily'')]","type":"string"},"enableNonSslPortOut":{"value":"[parameters(''enableNonSslPort'')]","type":"string"},"nameFieldOut":{"value":"[parameters(''nameField'')]","type":"string"}}},"parameters":{"skuFamily":{"value":"[field(''Microsoft.Cache/Redis/sku.family'')]"},"enableNonSslPort":{"value":"[field(''Microsoft.Cache/Redis/enableNonSslPort'')]"},"nameField":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8"},{"properties":{"displayName":"akhe-incident-86226837","policyType":"Custom","mode":"All","description":"reproing - the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","exists":"false"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","exists":" - false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca376"},{"properties":{"displayName":"akhe-incident-86318519","policyType":"Custom","mode":"all","description":"reproing - incident 86318519","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallrules"},{"field":"name","equals":"AllowAllWindowsAzureIps"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca600"},{"properties":{"displayName":"akhe-incident-86230190","policyType":"Custom","mode":"All","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","exists":"true"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","notIn":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca8d6"},{"properties":{"displayName":"Test - storage alias","policyType":"Custom","mode":"all","description":"Test storage - alias","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"httpsOnly":{"type":"string"},"encrypt":{"type":"string"},"accessTier":{"type":"string"},"skuName":{"type":"string"}},"resources":[],"outputs":{"skuNameOut":{"type":"string","value":"[parameters(''skuName'')]"},"accessTierOut":{"type":"string","value":"[parameters(''accessTier'')]"},"httpsOnlyOut":{"type":"String","value":"[parameters(''httpsOnly'')]"},"encryptOut":{"type":"String","value":"[parameters(''encrypt'')]"}}},"parameters":{"httpsOnly":{"value":"[field(''Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly'')]"},"encrypt":{"value":"[field(''Microsoft.Storage/storageAccounts/enableBlobEncryption'')]"},"accessTier":{"value":"[field(''Microsoft.Storage/storageAccounts/accessTier'')]"},"skuName":{"value":"[field(''Microsoft.Storage/storageAccounts/sku.name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","type":"Microsoft.Authorization/policyDefinitions","name":"5fa69139-9a49-464e-90b5-0d243a469138"},{"properties":{"displayName":"testSandipsh - metric alert policy1","policyType":"Custom","mode":"All","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":null}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"],"defaultValue":"3"},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"],"defaultValue":"true"},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"Metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - metric operator."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"The - timeAggregation."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"The window size."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"The evaluation frequency."}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - action group id."}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","like":"[concat(parameters(''alertNamePrefix''), - ''*'')]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(toLower(parameters(''alertNamePrefix'')), - uniqueString(resourceGroup().id))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"6f2c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"testImageId","policyType":"Custom","mode":"All","metadata":{"category":"css"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"field":"Microsoft.Compute/imageId","contains":"resourceGroups/testSandipsh"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","type":"Microsoft.Authorization/policyDefinitions","name":"70dc1e8d-61c9-4089-8bf5-895b227c1298"},{"properties":{"displayName":"Policy - tracked resources SDK tests","policyType":"Custom","mode":"all","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"field":"name","equals":"policyTrackedResources-sdk-tests"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"field":"name","notIn":["policyTrackedResources-sdk-tests-rule1","policyTrackedResources-sdk-tests-rule2"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule1'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2000,"direction":"Outbound"}},{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule2'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2001,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2","type":"Microsoft.Authorization/policyDefinitions","name":"71289c53-22e7-4f31-a6dd-780b532380c2"},{"properties":{"displayName":"Deny - if blob is not encrypted","policyType":"Custom","mode":"All","parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a","type":"Microsoft.Authorization/policyDefinitions","name":"74d5cf40-7293-46a4-a285-7ea971e3719a"},{"properties":{"displayName":"[cstack] - Location restriction","policyType":"Custom","mode":"All","description":"Policy - to force allocations to a set of given locations","metadata":{"category":"cstack"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335","type":"Microsoft.Authorization/policyDefinitions","name":"763dcd1d-a4a9-46a8-8bd3-357c4533a335"},{"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyType":"Custom","mode":"All","description":"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"location","notEquals":"eastus"},{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs/transformations"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","type":"Microsoft.Authorization/policyDefinitions","name":"77429b44-aac1-4417-a53e-6900c07e11ac"},{"properties":{"displayName":"akhe-incident-86230190-v2","policyType":"Custom","mode":"all","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock v2","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","type":"Microsoft.Authorization/policyDefinitions","name":"83daa8ee-7c9a-470c-81a8-5a99ac09d134"},{"properties":{"displayName":"Parameterized - effect (if location != eastus)","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The - policy effect."}}},"policyRule":{"if":{"not":{"field":"location","equals":"eastus"}},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","type":"Microsoft.Authorization/policyDefinitions","name":"885f1dcb-a9c5-4c8c-8996-2702db44a2d2"},{"properties":{"displayName":"jilim - exists","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.xyz","exists":false}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc","type":"Microsoft.Authorization/policyDefinitions","name":"8959fd87-c1dd-4831-9034-a4f876bee1cc"},{"properties":{"displayName":"audit_cosmosdb_ipRangeFilter","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c","type":"Microsoft.Authorization/policyDefinitions","name":"9012b1cd-b045-46c6-a510-6137e06a009c"},{"properties":{"displayName":"chegg: - Remediation powershell test policy","policyType":"Custom","mode":"indexed","description":"This - policy is used in policyinsights powershell testing","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[],"outputs":{"location":{"type":"string","value":"[parameters(''location'')]"}}},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","type":"Microsoft.Authorization/policyDefinitions","name":"9934be7a-0e18-454d-a738-a1d9bcb0c202"},{"properties":{"displayName":"akhe - - Subscription Lvl test","policyType":"Custom","mode":"All","description":"Subscriptionlevel - auditIfNotExist policy","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/subscriptions/write"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de","type":"Microsoft.Authorization/policyDefinitions","name":"a1b067c8-2970-4c0b-b0da-31ae7f33d1de"},{"properties":{"displayName":"[cstack] - Noop","policyType":"Custom","mode":"All","description":"Don''t do anything","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","in":["yabba","dabba","doo"]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6","type":"Microsoft.Authorization/policyDefinitions","name":"a309ad64-0bae-48d9-a6b1-d99c0b4218b6"},{"properties":{"displayName":"HTTPS - For Web Apps","policyType":"Custom","mode":"all","description":"CSS","metadata":{"category":"WebApps"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyof":[{"not":{"field":"Microsoft.Web/sites/httpsOnly","exists":"true"}},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378","type":"Microsoft.Authorization/policyDefinitions","name":"a337c781-c7d8-4e12-ae69-1951c7e74378"},{"properties":{"displayName":"Ensure - https traffic only for storage account","policyType":"Custom","mode":"all","description":"Ensure - https traffic only for storage account","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"true"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4","type":"Microsoft.Authorization/policyDefinitions","name":"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4"},{"properties":{"displayName":"add - subscription name tag","policyType":"Custom","mode":"All","description":"add - subscription name tag","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionname","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionname","value":"[subscription().displayName]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d82a2"},{"properties":{"displayName":"Add - subscription \"id\" tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.id","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.id","value":"[subscription().id]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8339"},{"properties":{"displayName":"add - subscriptionId tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionId","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionId","value":"[subscription().subscriptionId]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8635"},{"properties":{"displayName":"Allowed - Location Indexed","policyType":"Custom","mode":"Indexed","description":"hackathon - policy","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","type":"Microsoft.Authorization/policyDefinitions","name":"Allowed-Locations-Indexed"},{"properties":{"displayName":"Audit - if antiMalware extension does not exist","policyType":"Custom","description":"This - policy audits if the anti malware extension .","policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists","type":"Microsoft.Authorization/policyDefinitions","name":"antiMalwareExtensionExists"},{"properties":{"displayName":"Web - socket must be disabled on App Services","policyType":"Custom","description":"Ensures - web sockets are disabled on App Services.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets","type":"Microsoft.Authorization/policyDefinitions","name":"AppServiceWebSockets"},{"properties":{"displayName":"Azure - Security Center must be enabled","policyType":"Custom","description":"Ensures - Azure Security Center is enabled.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled","type":"Microsoft.Authorization/policyDefinitions","name":"ASCEnabled"},{"properties":{"displayName":"Audit - a tag and it''s value","policyType":"Custom","description":"Audits if a tag - and it''s value doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and it''s value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and it''s value"},{"properties":{"displayName":"Audit a tag and it''s - value","policyType":"Custom","description":"Audits if a tag and it''s value - doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and its value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and its value"},{"properties":{"displayName":"Audit if extension does - not exist","policyType":"Custom","mode":"All","description":"This policy audits - if a required extension doesn''t exist.","parameters":{"publisher":{"type":"String","metadata":{"description":"The - publisher of the extension","displayName":"Extension Publisher"}},"type":{"type":"String","metadata":{"description":"The - type of the extension","displayName":"Extension Type"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"[parameters(''publisher'')]"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"[parameters(''type'')]"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension","type":"Microsoft.Authorization/policyDefinitions","name":"audit-vm-extension"},{"properties":{"displayName":"CanCrudPolicyAssignment - Policy Definition $[Auto Test]","policyType":"Custom","policyRule":{"if":{"source":"action","equals":"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487","type":"Microsoft.Authorization/policyDefinitions","name":"azsmnet6487"},{"properties":{"displayName":"makharchtest","policyType":"Custom","mode":"All","description":"policy","metadata":{"category":""},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f","type":"Microsoft.Authorization/policyDefinitions","name":"b36f6195-0fc5-4a41-bbce-875248400f5f"},{"properties":{"displayName":"NSG - Rules exists test","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol","notLike":"*"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","type":"Microsoft.Authorization/policyDefinitions","name":"bb6a78ae-8737-41e0-9c41-cc777c8c00a0"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","type":"Microsoft.Authorization/policyDefinitions","name":"c0f586f1-abe5-4801-8588-7332e49e60c9"},{"properties":{"displayName":"akhe - resource group auditIfNotExists","policyType":"Custom","mode":"All","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441","type":"Microsoft.Authorization/policyDefinitions","name":"c7b9982d-2f50-4730-935f-5c241982a441"},{"properties":{"displayName":"jilim - allowed resource types","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedTypes":{"type":"Array","metadata":{"displayName":"Allowed - resource types","description":"The list of allowed resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''allowedTypes'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba","type":"Microsoft.Authorization/policyDefinitions","name":"c872f951-1c5d-4c61-89dd-aee2350a11ba"},{"properties":{"displayName":"Audit - location","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","type":"Microsoft.Authorization/policyDefinitions","name":"c8b79b49-a579-4045-984e-1b249ab8b474"},{"properties":{"displayName":"camarvin - empty string","policyType":"Custom","mode":"all","description":"Ensure resource - names meet the like condition for a pattern.","metadata":{},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"namePattern","description":"Pattern - to use for names. Can include wildcard (*)."},"allowedValues":["","one","two"],"defaultValue":""}},"policyRule":{"if":{"not":{"field":"name","equals":"[parameters(''namePattern'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","type":"Microsoft.Authorization/policyDefinitions","name":"camarvin-test-empty-assign"},{"properties":{"displayName":"elpere - append ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"append","details":[{"field":"tags.test","value":"1"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640cf"},{"properties":{"displayName":"elpere - deny on ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"tags.test","equals":"1"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640d7"},{"properties":{"displayName":"Resource - name contains resource group name","policyType":"Custom","mode":"Indexed","description":"Require - resources to contain the resource group''s name","policyRule":{"if":{"field":"name","notContains":"[resourceGroup().name]"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name","type":"Microsoft.Authorization/policyDefinitions","name":"contain-resource-group-name"},{"properties":{"displayName":"akhe-incident-86226837-v3","policyType":"Custom","mode":"all","description":"third - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules"}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5002"},{"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyType":"Custom","mode":"all","description":"deploys - a delete lock for a resource ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/locks","roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["CanNotDelete"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{},"variables":{},"resources":[{"type":"Microsoft.Authorization/locks","apiVersion":"2015-01-01","name":"DeleteLock","properties":{"level":"CanNotDelete","notes":"prevent - deletion"}}],"outputs":{}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5632"},{"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"elperetest"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''elpere'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","type":"Microsoft.Authorization/policyDefinitions","name":"d0d9349d-843c-443a-9f27-5ce84f08c37e"},{"properties":{"displayName":"elpere - deny test","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","type":"Microsoft.Authorization/policyDefinitions","name":"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5"},{"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"hello"},"deployment":{"properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","resources":[],"parameters":{"testSecret":{"type":"string"}},"outputs":{"testSecretOutput":{"type":"string","value":"[parameters(''testSecret'')]"}}},"parameters":{"testSecret":{"reference":{"keyVault":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv"},"secretName":"test"}}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","type":"Microsoft.Authorization/policyDefinitions","name":"d35ce9be-f51b-4d3e-bc7f-dde2936381b0"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs (NSG level)","policyType":"Custom","mode":"All","description":"Overwrites - security rules with IP restrictions at the NSG level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges may overlap."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"anyOf":[{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange","notIn":"[parameters(''destinationPortRanges'')]"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notIn":["*","Internet"]}]}]}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"},"location":{"type":"string"},"destinationPortRanges":{"type":"array"},"sourceAddressPrefixes":{"type":"array"}},"variables":{"getNsgDeploymentName":"[concat(''getNSGContent-'', - parameters(''nsgName''))]","collectorDeploymentName":"[concat(''collectRules-'', - parameters(''nsgName''))]","overwriteNsgDeploymentName":"[concat(''overwriteNsg-'', - parameters(''nsgName''))]","nsgResourceId":"[resourceId(subscription().subscriptionId, - resourceGroup().name, ''Microsoft.Network/networkSecurityGroups'', parameters(''nsgName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getNsgDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"nsgProperties":{"type":"object","value":"[reference(variables(''nsgResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectorDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json","contentVersion":"1.0.0.0"},"parameters":{"nsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"},"portRangesToRestrict":{"value":"[parameters(''destinationPortRanges'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteNsgDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json","contentVersion":"1.0.0.0"},"parameters":{"originalNsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"updatedSecurityRules":{"value":"[reference(variables(''collectorDeploymentName'')).outputs.updatedSecurityRules.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"}}}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086","type":"Microsoft.Authorization/policyDefinitions","name":"d7b13c30-e6aa-47e1-b50a-8e33f152d086"},{"properties":{"displayName":"Audit - storage account SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"Audited - skus","description":"The list of skus.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e90ee"},{"properties":{"displayName":"Audit - virtual machines SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"List - Of Allowed SKUs","description":"The list of allowed locations for resources.","strongType":"vmSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e9170"},{"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"deployIfNotExistsTestsRule","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/deployIfNotExistsTestsRule'')]","properties":{"protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":2000,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","type":"Microsoft.Authorization/policyDefinitions","name":"dbfa9fc0-5202-4001-8759-1aa2387f825b"},{"properties":{"displayName":"allowedOS","policyType":"Custom","mode":"All","metadata":{"category":"test_sandipsh"},"parameters":{"listOfAllowedWindows":{"type":"Array","metadata":{"displayName":"Allowed - Windows VMs","description":"The list of allowed VMs for Windows."}},"listOfAllowedUbuntus":{"type":"Array","metadata":{"displayName":"Allowed - Ubuntu VMs","description":"The list of allowed VMs for Ubuntu."}}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/disks","Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["Canonical"]},{"field":"Microsoft.Compute/imageOffer","in":["UbuntuServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedUbuntus'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedWindows'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","type":"Microsoft.Authorization/policyDefinitions","name":"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091"},{"properties":{"displayName":"jilim - recovery services backup policies","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"policies":{"type":"Array","metadata":{"displayName":"Allowed - Recovery Services backup policies","description":"The list of allowed Recovery - Services backup policies.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"policy":{"type":"String","metadata":{"displayName":"Allowed - Recovery Services backup policy","description":"Allowed Recovery Services - backup policy.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}}},"policyRule":{"if":{"allOf":[{"not":{"field":"location","in":"[parameters(''policies'')]"}},{"not":{"field":"location","equals":"[parameters(''policy'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb","type":"Microsoft.Authorization/policyDefinitions","name":"e3f9a624-b17d-4dc8-9649-65814d3241bb"},{"properties":{"displayName":"defaultValue: - all parameters","policyType":"Custom","mode":"All","metadata":{"category":"defaultValue"},"parameters":{"locations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array)","description":"The list of locations for resources.","strongType":"location"},"defaultValue":["eastus","westus"]},"location":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string)","description":"The location for resources.","strongType":"location"},"defaultValue":"eastus"},"resourceGroups":{"type":"Array","metadata":{"displayName":"Strong - type (array)","description":"The list of resource groups.","strongType":"existingResourceGroups"},"defaultValue":["camarvin"]},"resourceGroup":{"type":"String","metadata":{"displayName":"Strong - type (string)","description":"The resource group.","strongType":"existingResourceGroups"},"defaultValue":"camarvin"},"tags":{"type":"Array","metadata":{"displayName":"Non - strong type (array)","description":"The list of tags."},"defaultValue":[]},"tag":{"type":"String","metadata":{"displayName":"Non - strong type (string)","description":"The tag."},"defaultValue":""},"allowedLocations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array, av)","description":"The list of allowed locations for - resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":["eastus"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string, av)","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":"eastus"},"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Strong - type (array, av)","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Strong - type (string, av)","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":"Standard_LRS"},"allowedTags":{"type":"Array","metadata":{"displayName":"Non - strong type (array, av)","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Non - strong type (string, av)","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":"FirstName"}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''locations'')]"},{"field":"location","equals":"[parameters(''location'')]"},{"field":"location","in":"[parameters(''resourceGroups'')]"},{"field":"location","equals":"[parameters(''resourceGroup'')]"},{"field":"location","in":"[parameters(''tags'')]"},{"field":"location","equals":"[parameters(''tag'')]"},{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","Equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","NotEquals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","type":"Microsoft.Authorization/policyDefinitions","name":"ea1688b3-022e-4add-af39-2fe60689a3b0"},{"properties":{"displayName":"Deny - \"Allow All\" NSG rules","policyType":"Custom","mode":"All","description":"Denies - the creation of sourceAddressPrefix=\"*\", destinationPortRange=\"*\" NSG - security rules","metadata":{"category":"Port Lockdown"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"field":"name","notEquals":"PortLockdown_AllowAll"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","notEquals":"4000"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321","type":"Microsoft.Authorization/policyDefinitions","name":"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","description":"This policy enables - you to audit your location.","parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''listOfAllowedLocations'')]"}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"LocationAuditDefinition"},{"properties":{"policyType":"Custom","parameters":{},"policyRule":{"if":{"field":"location","equals":"northeurope"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","type":"Microsoft.Authorization/policyDefinitions","name":"policy2"},{"properties":{"policyType":"Custom","mode":"All","description":"test - policy","parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","type":"Microsoft.Authorization/policyDefinitions","name":"testSandipsh.draft"},{"properties":{"displayName":"testtest","policyType":"Custom","description":"testtest","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testtest","type":"Microsoft.Authorization/policyDefinitions","name":"testtest"}]}'} + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"test_policy3ulbefgq5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy5rxcsbgyu","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy5rxcsbgyu"},{"properties":{"displayName":"test_policyvrud2j572","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy6rmvrx2ug","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy6rmvrx2ug"},{"properties":{"displayName":"test_policyeezgnn3tf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy72fpbk6om","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy72fpbk6om"},{"properties":{"displayName":"test_policylzld56g3c","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy75lhjp2qz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy75lhjp2qz"},{"properties":{"displayName":"test_policy4leaozaze","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyafjaspbln","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyafjaspbln"},{"properties":{"displayName":"test_policytz5xijuco","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyaip6dvuui","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyaip6dvuui"},{"properties":{"displayName":"test_policyk2ipvteje","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policycc24wg2ai","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policycc24wg2ai"},{"properties":{"displayName":"test_policynek2j6dvx","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyebyt2or2s","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyebyt2or2s"},{"properties":{"displayName":"test_policyo57mbgttt","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyf4gvztvgz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyf4gvztvgz"},{"properties":{"displayName":"test_policyry7ktdqpn","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyfneqctrjx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyfneqctrjx"},{"properties":{"displayName":"test_policypq5w4fcp5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhavmopeay","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhavmopeay"},{"properties":{"displayName":"test_policyzhxn622hb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhb6kmyq63","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhb6kmyq63"},{"properties":{"displayName":"test_policyzbi2xb6y7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyismcbfzwf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyismcbfzwf"},{"properties":{"displayName":"test_policyyulsilxiw","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjp2hqpyxg","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyjp2hqpyxg"},{"properties":{"displayName":"test_policym7v6bzkep","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyl5e3igsku","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyl5e3igsku"},{"properties":{"displayName":"test_policyr5ivz4uoy","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policylw4dif6k4","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policylw4dif6k4"},{"properties":{"displayName":"test_policyp2yhkolhg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymxx4vzibo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policymxx4vzibo"},{"properties":{"displayName":"test_policyt252aa3in","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyose3kehj3","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyose3kehj3"},{"properties":{"displayName":"test_policyg5g7wrd63","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyqcexugiyb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyqcexugiyb"},{"properties":{"displayName":"test_policy5u5ook2zf","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrs5zxfokx"},{"properties":{"displayName":"test_policyepxuvmnrs","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrtseayuym","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrtseayuym"},{"properties":{"displayName":"test_policyeglfwi2os","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrzih7n7ws","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrzih7n7ws"},{"properties":{"displayName":"test_policyeop2lxcb7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytaxuus2zo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytaxuus2zo"},{"properties":{"displayName":"test_policymichd2ukj","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytrkoh7vio","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytrkoh7vio"},{"properties":{"displayName":"test_policymhqqjyizg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyunv6j3gfp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyunv6j3gfp"},{"properties":{"displayName":"test_policyf2qzg3ba4","policyType":"Custom","description":"desc_for_test_policy_123_new","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv3qavzpbx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv3qavzpbx"},{"properties":{"displayName":"test_policy5koxubsg5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv53qgvql6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv53qgvql6"},{"properties":{"displayName":"test_policy7t2i6ysv7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyvpb2ircbl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyvpb2ircbl"},{"properties":{"displayName":"test_policyif4bjggk7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyyuuoin4oc","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyyuuoin4oc"}]}'} headers: cache-control: [no-cache] - content-length: ['299217'] + content-length: ['237106'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:28 GMT'] + date: ['Tue, 27 Nov 2018 05:05:25 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1869,9 +1524,10 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--name --yes --no-wait] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policyset000001?api-version=2018-05-01 @@ -1880,9 +1536,9 @@ interactions: headers: cache-control: [no-cache] content-length: ['0'] - date: ['Mon, 22 Oct 2018 19:38:28 GMT'] + date: ['Tue, 27 Nov 2018 05:05:26 GMT'] expires: ['-1'] - location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZU0VURVdXU0taRUJMVkxZRFVFTDdRTUVNSlJWQnxBNTg4OTJDNDgxOEQ5ODFCLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] + location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZU0VUVFI2V0w0QzVNQTU0WFE3VDJPRURRT0g2Q3w2QTAwMTg2Q0QyMkZCMTFDLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] x-content-type-options: [nosniff] diff --git a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml index ce6ba640fc7..318615588ee 100644 --- a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml +++ b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_resource_policyset_management_group.yaml @@ -1,7 +1,7 @@ interactions: - request: body: '{"location": "westus", "tags": {"product": "azurecli", "cause": "automation", - "date": "2018-10-22T19:40:05Z"}}' + "date": "2018-11-27T05:08:02Z"}}' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] @@ -9,543 +9,278 @@ interactions: Connection: [keep-alive] Content-Length: ['110'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--location --name --tag] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: PUT uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policyset_management_group000001?api-version=2018-05-01 response: - body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset_management_group000001","name":"cli_test_policyset_management_group000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-10-22T19:40:05Z"},"properties":{"provisioningState":"Succeeded"}}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/cli_test_policyset_management_group000001","name":"cli_test_policyset_management_group000001","location":"westus","tags":{"product":"azurecli","cause":"automation","date":"2018-11-27T05:08:02Z"},"properties":{"provisioningState":"Succeeded"}}'} headers: cache-control: [no-cache] content-length: ['384'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:06 GMT'] + date: ['Tue, 27 Nov 2018 05:08:04 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-subscription-writes: ['1199'] + x-ms-ratelimit-remaining-subscription-writes: ['1198'] status: {code: 201, message: Created} - request: - body: 'b''{"properties": {"displayName": "test_policy000003", "description": "desc_for_test_policy_123", - "policyRule": {"if": {"not": {"field": "location", "in": "[parameters(\''allowedLocations\'')]"}}, - "then": {"effect": "deny"}}, "parameters": {"allowedLocations": {"type": "array", - "metadata": {"description": "The list of locations that can be specified when - deploying resources", "strongType": "location", "displayName": "Allowed locations"}}}}}''' + body: null headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy definition create] + CommandName: [account management-group create] Connection: [keep-alive] - Content-Length: ['440'] + Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] accept-language: [en-US] - method: PUT - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management/register?api-version=2018-05-01 response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} headers: cache-control: [no-cache] - content-length: ['678'] + content-length: ['1468'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:08 GMT'] + date: ['Tue, 27 Nov 2018 05:08:06 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: [Accept-Encoding] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-tenant-writes: ['1199'] - status: {code: 201, message: Created} + x-ms-ratelimit-remaining-subscription-writes: ['1199'] + status: {code: 200, message: OK} - request: - body: 'b''b\''{"properties": {"displayName": "test_policyset000005", "description": - "desc_for_test_policyset_123", "policyDefinitions": [{"policyDefinitionId": - "/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", - "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", - "westus"]}}}]}}\''''' + body: null headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy set-definition create] + CommandName: [account management-group create] Connection: [keep-alive] - Content-Length: ['393'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] accept-language: [en-US] - method: PUT - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management?api-version=2018-05-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","description":"desc_for_test_policyset_123","policyDefinitions":[{"policyDefinitionReferenceId":"6384218192010757028","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} headers: cache-control: [no-cache] - content-length: ['700'] + content-length: ['1468'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:09 GMT'] + date: ['Tue, 27 Nov 2018 05:08:16 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] + vary: [Accept-Encoding] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-tenant-writes: ['1199'] - status: {code: 201, message: Created} + status: {code: 200, message: OK} - request: - body: null + body: 'b''{"properties": {"details": {"parent": {}}}, "name": "cli-test-mgmt-group000002"}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy set-definition update] + Cache-Control: [no-cache] + CommandName: [account management-group create] Connection: [keep-alive] + Content-Length: ['85'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] accept-language: [en-US] - method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 + method: PUT + uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: - body: {string: '{"properties":{"displayName":"test_policyset000005","policyType":"Custom","description":"desc_for_test_policyset_123","policyDefinitions":[{"policyDefinitionReferenceId":"6384218192010757028","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"NotStarted"}'} headers: cache-control: [no-cache] - content-length: ['700'] + content-length: ['208'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:10 GMT'] + date: ['Tue, 27 Nov 2018 05:08:18 GMT'] expires: ['-1'] + location: ['https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview'] pragma: [no-cache] + request-id: [369bc0c2-203d-455d-99be-4264b8c7addd] + server: [Microsoft-IIS/8.5] strict-transport-security: [max-age=31536000; includeSubDomains] - transfer-encoding: [chunked] - vary: ['Accept-Encoding,Accept-Encoding'] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] x-content-type-options: [nosniff] - status: {code: 200, message: OK} + x-ms-ratelimit-remaining-tenant-writes: ['1199'] + x-powered-by: [ASP.NET] + status: {code: 202, message: Accepted} - request: - body: 'b''b\''{"properties": {"displayName": "test_policyset000005_new", "description": - "desc_for_test_policyset_123_new", "policyDefinitions": [{"policyDefinitionId": - "/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002", - "parameters": {"allowedLocations": {"value": ["australiaeast", "eastus", "japaneast", - "westus"]}}}]}}\''''' + body: null headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy set-definition update] + CommandName: [account management-group create] Connection: [keep-alive] - Content-Length: ['401'] - Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] - accept-language: [en-US] - method: PUT - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] + method: GET + uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: - body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"6384218192010757028","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Running"}'} headers: cache-control: [no-cache] - content-length: ['708'] + content-length: ['205'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:10 GMT'] + date: ['Tue, 27 Nov 2018 05:08:28 GMT'] expires: ['-1'] + location: ['https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview'] pragma: [no-cache] + request-id: [f0738241-751d-4584-b686-e8effafc35e5] + server: [Microsoft-IIS/8.5] strict-transport-security: [max-age=31536000; includeSubDomains] - transfer-encoding: [chunked] - vary: ['Accept-Encoding,Accept-Encoding'] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-tenant-writes: ['1199'] - status: {code: 200, message: OK} + x-powered-by: [ASP.NET] + status: {code: 202, message: Accepted} - request: body: null headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy set-definition list] + CommandName: [account management-group create] Connection: [keep-alive] - Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] - accept-language: [en-US] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/operationResults/create/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: - body: {string: '{"value":[{"properties":{"displayName":"[Preview]: Enable Monitoring - in Azure Security Center","policyType":"BuiltIn","description":"Monitor all - the available security recommendations in Azure Security Center. This is the - default policy for Azure Security Center.","metadata":{"category":"Security - Center"},"parameters":{"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - system updates","description":"Enable or disable reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - OS vulnerabilities","description":"Enable or disable OS vulnerabilities monitoring - (based on a configured baseline)"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - endpoint protection","description":"Enable or disable endpoint protection - monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - disk encryption","description":"Enable or disable the monitoring for VM disk - encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - network security groups","description":"Enable or disable monitoring of network - security groups with permissive rules"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - web application firewall","description":"Enable or disable the monitoring - of unprotected web applications"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Enable - Next Generation Firewall (NGFW) monitoring","description":"Enable or disable - monitoring network endpoints without a Next Generation Firewall"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - vulnerability assesment","description":"Enable or disable the detection of - VM vulnerabilities by a vulnerability assessment solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - storage blob encryption","description":"Enable or disable the monitoring of - blob encryption for storage accounts"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - JIT network access","description":"Enable or disable the monitoring of network - just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - application whitelisting","description":"Enable or disable the monitoring - of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL auditing","description":"Enable or disable the monitoring of unaudited - SQL databases"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL encryption","description":"Enable or disable the monitoring of unencrypted - SQL databases"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL encryption","description":"Enable or disable the monitoring of unencrypted - SQL databases"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlServerAuditingMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL Servers auditing","description":"Enable or disable the monitoring of unaudited - SQL Servers"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInAppServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure App Services","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - encryption of automation accounts","description":"Enable or disable the monitoring - of automation account encryption"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Batch accounts","description":"Enable or disable the monitoring - of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - metric alerts in Batch accounts","description":"Enable or disable the monitoring - of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - classic compute VMs","description":"Enable or disable the monitoring of classic - compute VMs"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - classic storage accounts","description":"Enable or disable the monitoring - of classic storage accounts"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Data Lake Analytics accounts","description":"Enable or - disable the monitoring of diagnostic logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Data Lake Analytics accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Data Lake Store accounts","description":"Enable or disable - the monitoring of diagnostic logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Event Hub accounts","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Key Vault vaults","description":"Enable or disable the - monitoring of diagnostic logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Key Vault vaults","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Logic Apps workflows","description":"Enable or disable - the monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Logic Apps workflows","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure Redis Cache","description":"Enable or disable the - monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure Search service","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - Azure Active Directory authentication in Service Fabric","description":"Enable - or disable the monitoring of Azure Active Directory for client authentication - in Service Fabric"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - cluster protection level in Service Fabric","description":"Enable or disable - the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Service Bus","description":"Enable or disable the monitoring - of diagnostic logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Service Bus","description":"The required diagnostic - logs retention period in days"},"defaultValue":"365"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - Service Bus namespace authorization rules","description":"Enable or disable - the monitoring of Service Bus namespace authorization rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - the provisioning of an Azure AD admininistrator for SQL server","description":"Enable - or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - the secure transfer to storage account","description":"Enable or disable the - monitoring of secure transfer to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Stream Analytics","description":"Enable or disable the - monitoring of diagnostic logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Stream Analytics","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - of using built-in RBAC rules","description":"Enable or disable the monitoring - of using built-in RBAC rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - disabling of unrestricted network access to storage account","description":"Enable - or disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Service Fabric","description":"Enable or disable the monitoring - of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - access rules in Event Hub namespaces","description":"Enable or disable the - monitoring of access rules in Event Hub namespaces"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"accessRulesInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - access rules in Event Hubs","description":"Enable or disable the monitoring - of access rules in Event Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL vulnerability assessment results","description":"Enable or disable the - monitoring of Vulnerability Assessment scan results and recommendations for - how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - maximum number of owners","description":"Enable or disable the monitoring - of maximum owners in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - minimus number of owners","description":"Enable or disable the monitoring - of minimum owners in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - MFA for accounts with owner permissions","description":"Enable or disable - the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - MFA for accounts with write permissions","description":"Enable or disable - the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - MFA for accounts with read permissions","description":"Enable or disable the - monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove deprecated accounts with owner permissions","description":"Enable or - disable the monitoring of deprecated acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove deprecated accounts","description":"Enable or disable the monitoring - of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove external accounts with owner permissions","description":"Enable or - disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove external accounts with write permissions","description":"Enable or - disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove external accounts with read permissions","description":"Enable or disable - the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteComplete","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteCompleteEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInAppServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInAppServiceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","parameters":{"effect":{"value":"[parameters(''sqlEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","parameters":{"effect":{"value":"[parameters(''sqlAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"storageEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{"effect":{"value":"[parameters(''storageEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Preview]: - Audit Password security settings inside Linux and Windows virtual machines","policyType":"BuiltIn","description":"http://aka.ms/gcpol. - This policy will audit password security settings inside Linux and Windows - virtual machines. For a list of individual settings, please follow the aka.ms - link to Azure Policy documentation.","metadata":{"category":"Guest Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Preview]: - Enable Azure Monitor for VMs","policyType":"BuiltIn","description":"Enable - Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management - group, Subscription or resource group). Takes Log Analytics workspace as parameter.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics_1":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list. If this workspace is outside of the scope of the assignment you must - manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: - Audit web server security settings inside Windows VMs","policyType":"BuiltIn","description":"http://aka.ms/gcpol. - This initiative will both deploy the VM extension and audit web server security - settings inside Windows VMs.","metadata":{"category":"Guest Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"policyDefinitionReferenceId":"Audit_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c","type":"Microsoft.Authorization/policySetDefinitions","name":"8bc55e6b-e9d5-4266-8dac-f688d151ec9c"},{"properties":{"displayName":"[Preview]: - Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable - data protection for SQL servers. This initiative is assigned automatically - by Azure Security Center Standard Tier.","metadata":{"category":"Security - Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","type":"Microsoft.Authorization/policySetDefinitions","name":"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"},{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"6384218192010757028","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}]}'} + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded","properties":{"tenantId":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"cli-test-mgmt-group000002","details":{"version":1,"updatedTime":"2018-11-27T05:08:36.4213938Z","updatedBy":"89ed5be8-ff97-41b5-ab11-055e1e3cc34b","parent":{"id":"/providers/Microsoft.Management/managementGroups/54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","name":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a","displayName":"54826b22-38d6-4fb2-bad9-b7b93a3e9c5a"}}}}'} headers: cache-control: [no-cache] - content-length: ['42142'] + content-length: ['642'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:11 GMT'] + date: ['Tue, 27 Nov 2018 05:08:39 GMT'] expires: ['-1'] pragma: [no-cache] + request-id: [a5d6b1f1-9124-4a67-bd39-f46704ed59c2] + server: [Microsoft-IIS/8.5] strict-transport-security: [max-age=31536000; includeSubDomains] transfer-encoding: [chunked] vary: ['Accept-Encoding,Accept-Encoding'] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] x-content-type-options: [nosniff] + x-powered-by: [ASP.NET] status: {code: 200, message: OK} - request: - body: null + body: 'b''{"properties": {"description": "desc_for_test_policy_123", "policyRule": + {"if": {"not": {"field": "location", "in": "[parameters(\''allowedLocations\'')]"}}, + "then": {"effect": "deny"}}, "displayName": "test_policy000004", "parameters": + {"allowedLocations": {"metadata": {"description": "The list of locations that + can be specified when deploying resources", "strongType": "location", "displayName": + "Allowed locations"}, "type": "array"}}}}''' headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy set-definition show] + CommandName: [policy definition create] Connection: [keep-alive] + Content-Length: ['440'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n --rules --params --display-name --description --management-group] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] - method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 + method: PUT + uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003?api-version=2018-03-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"6384218192010757028","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"error":{"code":"AuthorizationFailed","message":"The client ''yugangw@microsoft.com'' + with object id ''89ed5be8-ff97-41b5-ab11-055e1e3cc34b'' does not have authorization + to perform action ''Microsoft.Authorization/policyDefinitions/write'' over + scope ''/providers/Microsoft.Management/managementgroups/cli-test-mgmt-group000002/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000003''."}}'} headers: cache-control: [no-cache] - content-length: ['708'] + connection: [close] + content-length: ['414'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:12 GMT'] + date: ['Tue, 27 Nov 2018 05:08:40 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] - transfer-encoding: [chunked] - vary: ['Accept-Encoding,Accept-Encoding'] x-content-type-options: [nosniff] - status: {code: 200, message: OK} + x-ms-failure-cause: [gateway] + status: {code: 403, message: Forbidden} - request: body: null headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy set-definition delete] + CommandName: [account management-group delete] Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] accept-language: [en-US] - method: DELETE - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004?api-version=2018-03-01 + method: POST + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management/register?api-version=2018-05-01 response: - body: {string: '{"properties":{"displayName":"test_policyset000005_new","policyType":"Custom","description":"desc_for_test_policyset_123_new","policyDefinitions":[{"policyDefinitionReferenceId":"6384218192010757028","policyDefinitionId":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","parameters":{"allowedLocations":{"value":["australiaeast","eastus","japaneast","westus"]}}}]},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions/azure-cli-test-policyset000004","type":"Microsoft.Authorization/policySetDefinitions","name":"azure-cli-test-policyset000004"}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} headers: cache-control: [no-cache] - content-length: ['708'] + content-length: ['1468'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:12 GMT'] + date: ['Tue, 27 Nov 2018 05:08:42 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] transfer-encoding: [chunked] - vary: ['Accept-Encoding,Accept-Encoding'] + vary: [Accept-Encoding] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-tenant-writes: ['1199'] + x-ms-ratelimit-remaining-subscription-writes: ['1199'] status: {code: 200, message: OK} - request: body: null headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy set-definition list] + CommandName: [account management-group delete] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python + AZURECLI/2.0.52] accept-language: [en-US] method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policySetDefinitions?api-version=2018-03-01 + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management?api-version=2018-05-01 response: - body: {string: '{"value":[{"properties":{"displayName":"[Preview]: Enable Monitoring - in Azure Security Center","policyType":"BuiltIn","description":"Monitor all - the available security recommendations in Azure Security Center. This is the - default policy for Azure Security Center.","metadata":{"category":"Security - Center"},"parameters":{"systemUpdatesMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - system updates","description":"Enable or disable reporting of system updates"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"systemConfigurationsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - OS vulnerabilities","description":"Enable or disable OS vulnerabilities monitoring - (based on a configured baseline)"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"endpointProtectionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - endpoint protection","description":"Enable or disable endpoint protection - monitoring"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diskEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - disk encryption","description":"Enable or disable the monitoring for VM disk - encryption"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"networkSecurityGroupsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - network security groups","description":"Enable or disable monitoring of network - security groups with permissive rules"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"webApplicationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - web application firewall","description":"Enable or disable the monitoring - of unprotected web applications"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"nextGenerationFirewallMonitoringEffect":{"type":"String","metadata":{"displayName":"Enable - Next Generation Firewall (NGFW) monitoring","description":"Enable or disable - monitoring network endpoints without a Next Generation Firewall"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"vulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - vulnerability assesment","description":"Enable or disable the detection of - VM vulnerabilities by a vulnerability assessment solution"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"storageEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - storage blob encryption","description":"Enable or disable the monitoring of - blob encryption for storage accounts"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"jitNetworkAccessMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - JIT network access","description":"Enable or disable the monitoring of network - just In time access"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"adaptiveApplicationControlsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - application whitelisting","description":"Enable or disable the monitoring - of application whitelisting in Azure Security Center"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlAuditingMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL auditing","description":"Enable or disable the monitoring of unaudited - SQL databases"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL encryption","description":"Enable or disable the monitoring of unencrypted - SQL databases"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbEncryptionMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL encryption","description":"Enable or disable the monitoring of unencrypted - SQL databases"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlServerAuditingMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL Servers auditing","description":"Enable or disable the monitoring of unaudited - SQL Servers"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInAppServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure App Services","description":"Enable or disable the - monitoring of diagnostics logs in Azure App Services"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"encryptionOfAutomationAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - encryption of automation accounts","description":"Enable or disable the monitoring - of automation account encryption"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Batch accounts","description":"Enable or disable the monitoring - of diagnostic logs in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInBatchAccountRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) for logs in Batch accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"metricAlertsInBatchAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - metric alerts in Batch accounts","description":"Enable or disable the monitoring - of metric alerts in Batch accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"classicComputeVMsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - classic compute VMs","description":"Enable or disable the monitoring of classic - compute VMs"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"classicStorageAccountsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - classic storage accounts","description":"Enable or disable the monitoring - of classic storage accounts"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInDataLakeAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Data Lake Analytics accounts","description":"Enable or - disable the monitoring of diagnostic logs in Data Lake Analytics accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Data Lake Analytics accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInDataLakeStoreMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Data Lake Store accounts","description":"Enable or disable - the monitoring of diagnostic logs in Data Lake Store accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInDataLakeStoreRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Data Lake Store accounts","description":"The - required diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Event Hub accounts","description":"Enable or disable the - monitoring of diagnostic logs in Event Hub accounts"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInEventHubRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Event Hub accounts","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInKeyVaultMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Key Vault vaults","description":"Enable or disable the - monitoring of diagnostic logs in Key Vault vaults"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInKeyVaultRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Key Vault vaults","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInLogicAppsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Logic Apps workflows","description":"Enable or disable - the monitoring of diagnostic logs in Logic Apps workflows"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInLogicAppsRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Logic Apps workflows","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"diagnosticsLogsInRedisCacheMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure Redis Cache","description":"Enable or disable the - monitoring of diagnostic logs in Azure Redis Cache"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInSearchServiceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Azure Search service","description":"Enable or disable - the monitoring of diagnostic logs in Azure Search service"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInSearchServiceRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Azure Search service","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"aadAuthenticationInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - Azure Active Directory authentication in Service Fabric","description":"Enable - or disable the monitoring of Azure Active Directory for client authentication - in Service Fabric"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"clusterProtectionLevelInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - cluster protection level in Service Fabric","description":"Enable or disable - the monitoring of cluster protection level in Service Fabric"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Service Bus","description":"Enable or disable the monitoring - of diagnostic logs in Service Bus"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInServiceBusRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Service Bus","description":"The required diagnostic - logs retention period in days"},"defaultValue":"365"},"namespaceAuthorizationRulesInServiceBusMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - Service Bus namespace authorization rules","description":"Enable or disable - the monitoring of Service Bus namespace authorization rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"aadAuthenticationInSqlServerMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - the provisioning of an Azure AD admininistrator for SQL server","description":"Enable - or disable the monitoring of an Azure AD admininistrator for SQL server"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"secureTransferToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - the secure transfer to storage account","description":"Enable or disable the - monitoring of secure transfer to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInStreamAnalyticsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Stream Analytics","description":"Enable or disable the - monitoring of diagnostic logs in Stream Analytics"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"diagnosticsLogsInStreamAnalyticsRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (in days) of logs in Stream Analytics","description":"The required - diagnostic logs retention period in days"},"defaultValue":"365"},"useRbacRulesMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - of using built-in RBAC rules","description":"Enable or disable the monitoring - of using built-in RBAC rules"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"disableUnrestrictedNetworkToStorageAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - disabling of unrestricted network access to storage account","description":"Enable - or disable the monitoring of network access to storage account"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"diagnosticsLogsInServiceFabricMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - diagnostic logs in Service Fabric","description":"Enable or disable the monitoring - of diagnostic logs in Service Fabric"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"accessRulesInEventHubNamespaceMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - access rules in Event Hub namespaces","description":"Enable or disable the - monitoring of access rules in Event Hub namespaces"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"},"accessRulesInEventHubMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - access rules in Event Hubs","description":"Enable or disable the monitoring - of access rules in Event Hubs"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"sqlDbVulnerabilityAssesmentMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - SQL vulnerability assessment results","description":"Enable or disable the - monitoring of Vulnerability Assessment scan results and recommendations for - how to remediate database vulnerabilities."},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateLessThanOwnersMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - maximum number of owners","description":"Enable or disable the monitoring - of maximum owners in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityDesignateMoreThanOneOwnerMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - minimus number of owners","description":"Enable or disable the monitoring - of minimum owners in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - MFA for accounts with owner permissions","description":"Enable or disable - the monitoring of MFA for accounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - MFA for accounts with write permissions","description":"Enable or disable - the monitoring of MFA for accounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityEnableMFAForReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - MFA for accounts with read permissions","description":"Enable or disable the - monitoring of MFA for accounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove deprecated accounts with owner permissions","description":"Enable or - disable the monitoring of deprecated acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveDeprecatedAccountMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove deprecated accounts","description":"Enable or disable the monitoring - of deprecated acounts in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove external accounts with owner permissions","description":"Enable or - disable the monitoring of external acounts with owner permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove external accounts with write permissions","description":"Enable or - disable the monitoring of external acounts with write permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect":{"type":"String","metadata":{"displayName":"Monitor - remove external accounts with read permissions","description":"Enable or disable - the monitoring of external acounts with read permissions in subscription"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyDefinitions":[{"policyDefinitionReferenceId":"diagnosticsLogsInServiceFabricMonitoringEffect","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubNamespaceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubNamespaceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"accessRulesInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","parameters":{"effect":{"value":"[parameters(''accessRulesInEventHubMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"disableUnrestrictedNetworkToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","parameters":{"effect":{"value":"[parameters(''disableUnrestrictedNetworkToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"useRbacRulesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","parameters":{"effect":{"value":"[parameters(''useRbacRulesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInStreamAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInStreamAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"secureTransferToStorageAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","parameters":{"effect":{"value":"[parameters(''secureTransferToStorageAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInSqlServerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInSqlServerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"namespaceAuthorizationRulesInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","parameters":{"effect":{"value":"[parameters(''namespaceAuthorizationRulesInServiceBusMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInServiceBusMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInServiceBusMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInServiceBusRetentionDays'')]"}}},{"policyDefinitionReferenceId":"clusterProtectionLevelInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","parameters":{"effect":{"value":"[parameters(''clusterProtectionLevelInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"aadAuthenticationInServiceFabricMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","parameters":{"effect":{"value":"[parameters(''aadAuthenticationInServiceFabricMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInSearchServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInSearchServiceMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInSearchServiceRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInRedisCacheMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInRedisCacheMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInLogicAppsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInLogicAppsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInLogicAppsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInKeyVaultMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInKeyVaultMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInKeyVaultRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInEventHubMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInEventHubMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInEventHubRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeStoreMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeStoreRetentionDays'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInDataLakeAnalyticsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInDataLakeAnalyticsRetentionDays'')]"}}},{"policyDefinitionReferenceId":"classicStorageAccountsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","parameters":{"effect":{"value":"[parameters(''classicStorageAccountsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"classicComputeVMsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","parameters":{"effect":{"value":"[parameters(''classicComputeVMsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteStart","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteStartEvent"}}},{"policyDefinitionReferenceId":"metricAlertsInBatchAccountPoolDeleteComplete","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","parameters":{"effect":{"value":"[parameters(''metricAlertsInBatchAccountMonitoringEffect'')]"},"metricName":{"value":"PoolDeleteCompleteEvent"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInBatchAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInBatchAccountMonitoringEffect'')]"},"requiredRetentionDays":{"value":"[parameters(''diagnosticsLogsInBatchAccountRetentionDays'')]"}}},{"policyDefinitionReferenceId":"encryptionOfAutomationAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","parameters":{"effect":{"value":"[parameters(''encryptionOfAutomationAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diagnosticsLogsInAppServiceMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","parameters":{"effect":{"value":"[parameters(''diagnosticsLogsInAppServiceMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","parameters":{"effect":{"value":"[parameters(''sqlDbEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlServerAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","parameters":{"effect":{"value":"[parameters(''sqlServerAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","parameters":{"effect":{"value":"[parameters(''sqlEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlAuditingMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","parameters":{"effect":{"value":"[parameters(''sqlAuditingMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemUpdatesMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","parameters":{"effect":{"value":"[parameters(''systemUpdatesMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"storageEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","parameters":{"effect":{"value":"[parameters(''storageEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"jitNetworkAccessMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","parameters":{"effect":{"value":"[parameters(''jitNetworkAccessMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"adaptiveApplicationControlsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","parameters":{"effect":{"value":"[parameters(''adaptiveApplicationControlsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"networkSecurityGroupsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","parameters":{"effect":{"value":"[parameters(''networkSecurityGroupsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"systemConfigurationsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","parameters":{"effect":{"value":"[parameters(''systemConfigurationsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"endpointProtectionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","parameters":{"effect":{"value":"[parameters(''endpointProtectionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"diskEncryptionMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","parameters":{"effect":{"value":"[parameters(''diskEncryptionMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"vulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","parameters":{"effect":{"value":"[parameters(''vulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"webApplicationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","parameters":{"effect":{"value":"[parameters(''webApplicationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"nextGenerationFirewallMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","parameters":{"effect":{"value":"[parameters(''nextGenerationFirewallMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"sqlDbVulnerabilityAssesmentMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","parameters":{"effect":{"value":"[parameters(''sqlDbVulnerabilityAssesmentMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateLessThanOwnersMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","parameters":{"effect":{"value":"[parameters(''identityDesignateLessThanOwnersMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityDesignateMoreThanOneOwnerMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","parameters":{"effect":{"value":"[parameters(''identityDesignateMoreThanOneOwnerMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityEnableMFAForReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","parameters":{"effect":{"value":"[parameters(''identityEnableMFAForReadPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveDeprecatedAccountMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","parameters":{"effect":{"value":"[parameters(''identityRemoveDeprecatedAccountMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithOwnerPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithWritePermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithWritePermissionsMonitoringEffect'')]"}}},{"policyDefinitionReferenceId":"identityRemoveExternalAccountWithReadPermissionsMonitoring","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","parameters":{"effect":{"value":"[parameters(''identityRemoveExternalAccountWithReadPermissionsMonitoringEffect'')]"}}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8","type":"Microsoft.Authorization/policySetDefinitions","name":"1f3afdf9-d0c9-4c3d-847f-89da613e70a8"},{"properties":{"displayName":"[Preview]: - Audit Password security settings inside Linux and Windows virtual machines","policyType":"BuiltIn","description":"http://aka.ms/gcpol. - This policy will audit password security settings inside Linux and Windows - virtual machines. For a list of individual settings, please follow the aka.ms - link to Azure Policy documentation.","metadata":{"category":"Guest Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid110","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid121","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"policyDefinitionReferenceId":"Audit_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05"},{"policyDefinitionReferenceId":"Deploy_PasswordPolicy_msid232","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe"},{"policyDefinitionReferenceId":"Audit_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"policyDefinitionReferenceId":"Deploy_MaximumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordAge","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df"},{"policyDefinitionReferenceId":"Audit_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"policyDefinitionReferenceId":"Deploy_PasswordMustMeetComplexityRequirements","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"policyDefinitionReferenceId":"Audit_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"policyDefinitionReferenceId":"Deploy_StorePasswordsUsingReversibleEncryption","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"policyDefinitionReferenceId":"Audit_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"policyDefinitionReferenceId":"Deploy_EnforcePasswordHistory","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"policyDefinitionReferenceId":"Audit_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec"},{"policyDefinitionReferenceId":"Deploy_MinimumPasswordLength","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6","type":"Microsoft.Authorization/policySetDefinitions","name":"3fa7cbf5-c0a4-4a59-85a5-cca4d996d5a6"},{"properties":{"displayName":"[Preview]: - Enable Azure Monitor for VMs","policyType":"BuiltIn","description":"Enable - Azure Monitor for the Virtual Machines (VMs) in the specified scope (Management - group, Subscription or resource group). Takes Log Analytics workspace as parameter.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics_1":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list. If this workspace is outside of the scope of the assignment you must - manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyDefinitions":[{"policyDefinitionReferenceId":"LogAnalyticsExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"LogAnalyticsExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","parameters":{"logAnalytics":{"value":"[parameters(''logAnalytics_1'')]"}}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Windows_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgentExtension_Linux_VM_Deploy","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","parameters":{}},{"policyDefinitionReferenceId":"LogAnalytics_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","parameters":{}},{"policyDefinitionReferenceId":"DependencyAgent_OSImage_Audit","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a","type":"Microsoft.Authorization/policySetDefinitions","name":"55f3eceb-5573-4f18-9695-226972c6d74a"},{"properties":{"displayName":"[Preview]: - Audit web server security settings inside Windows VMs","policyType":"BuiltIn","description":"http://aka.ms/gcpol. - This initiative will both deploy the VM extension and audit web server security - settings inside Windows VMs.","metadata":{"category":"Guest Configuration"},"policyDefinitions":[{"policyDefinitionReferenceId":"Deploy_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"policyDefinitionReferenceId":"Audit_WindowsTLS","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c"}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/8bc55e6b-e9d5-4266-8dac-f688d151ec9c","type":"Microsoft.Authorization/policySetDefinitions","name":"8bc55e6b-e9d5-4266-8dac-f688d151ec9c"},{"properties":{"displayName":"[Preview]: - Enable Data Protection Suite","policyType":"BuiltIn","description":"Enable - data protection for SQL servers. This initiative is assigned automatically - by Azure Security Center Standard Tier.","metadata":{"category":"Security - Center"},"parameters":{},"policyDefinitions":[{"policyDefinitionReferenceId":"deployThreatDetectionOnSqlServers","policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","parameters":{}}]},"id":"/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97","type":"Microsoft.Authorization/policySetDefinitions","name":"9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97"}]}'} + body: {string: '{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Management","namespace":"Microsoft.Management","authorization":{"applicationId":"f2c304cf-8e7e-4c3f-8164-16299ad9d272","roleDefinitionId":"c1cf3708-588a-4647-be7f-f400bbe214cf"},"resourceTypes":[{"resourceType":"resources","locations":[],"apiVersions":["2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"managementGroups","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"getEntities","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"checkNameAvailability","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operationResults","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview"]},{"resourceType":"operations","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta","2018-01-01-preview","2017-11-01-preview","2017-08-31-preview","2017-06-30-preview","2017-05-31-preview"]},{"resourceType":"tenantBackfillStatus","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]},{"resourceType":"startTenantBackfill","locations":[],"apiVersions":["2018-03-01-preview","2018-03-01-beta"]}],"registrationState":"Registered"}'} headers: cache-control: [no-cache] - content-length: ['41433'] + content-length: ['1468'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:22 GMT'] + date: ['Tue, 27 Nov 2018 05:08:53 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] - transfer-encoding: [chunked] - vary: ['Accept-Encoding,Accept-Encoding'] + vary: [Accept-Encoding] x-content-type-options: [nosniff] status: {code: 200, message: OK} - request: @@ -553,714 +288,68 @@ interactions: headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy definition delete] + Cache-Control: [no-cache] + CommandName: [account management-group delete] Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] accept-language: [en-US] method: DELETE - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: - body: {string: '{"properties":{"displayName":"test_policy000003","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy000002","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy000002"}'} + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"NotStarted"}'} headers: cache-control: [no-cache] - content-length: ['678'] + content-length: ['208'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:24 GMT'] + date: ['Tue, 27 Nov 2018 05:08:55 GMT'] expires: ['-1'] + location: ['https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview'] pragma: [no-cache] + request-id: [ac3bdae2-58b8-4305-9fbd-a4d46f4a3b73] + server: [Microsoft-IIS/8.5] strict-transport-security: [max-age=31536000; includeSubDomains] - transfer-encoding: [chunked] - vary: ['Accept-Encoding,Accept-Encoding'] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] x-content-type-options: [nosniff] - x-ms-ratelimit-remaining-tenant-writes: ['1199'] - status: {code: 200, message: OK} + x-ms-ratelimit-remaining-tenant-writes: ['1198'] + x-powered-by: [ASP.NET] + status: {code: 202, message: Accepted} - request: body: null headers: Accept: [application/json] Accept-Encoding: ['gzip, deflate'] - CommandName: [policy definition list] + CommandName: [account management-group delete] Connection: [keep-alive] - Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] - accept-language: [en-US] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 azure-mgmt-managementgroups/0.1.0 Azure-SDK-For-Python + AZURECLI/2.0.52] method: GET - uri: https://management.azure.com/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 + uri: https://management.azure.com/providers/Microsoft.Management/operationResults/delete/managementGroups/cli-test-mgmt-group000002?api-version=2018-03-01-preview response: - body: {string: '{"value":[{"properties":{"displayName":"[Preview]: Deploy Log - Analytics Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy - Log Analytics Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list. If this workspace is outside of the scope of the assignment you must - manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), - ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), - ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), - ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Azure Data Lake Store","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit - SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit - DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit - VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"[Preview]: - Deploy Log Analytics Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy - Log Analytics Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list. If this workspace is outside of the scope of the assignment you must - manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), - ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), - ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), - ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"},{"properties":{"displayName":"[Preview]: - Audit minimum number of owners for subscription","policyType":"BuiltIn","mode":"All","description":"It - is recommended to designate more than one subscription owner in order to have - administrator access redundancy.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateMoreThanOneOwner","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b","type":"Microsoft.Authorization/policyDefinitions","name":"09024ccc-0c5f-475e-9457-b7c0d9ed487b"},{"properties":{"displayName":"[Preview]: - Monitor unencrypted VM Disks in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"VMs - without an enabled disk encryption will be monitored by Azure Security Center - as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d","type":"Microsoft.Authorization/policyDefinitions","name":"0961003e-5a0a-4549-abde-af6a37f2724d"},{"properties":{"displayName":"Audit - resource location matches resource group location","policyType":"BuiltIn","mode":"Indexed","description":"Audit - that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]: - Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. This security setting determines the period of time (in - days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Audit - transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit - transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: - Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy - Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), - ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Audit - use of classic virtual machines","policyType":"BuiltIn","mode":"All","description":"Use - new Azure Resource Manager v2 for your virtual machines to provide security - enhancements such as: stronger access control (RBAC), better auditing, ARM-based - deployment and governance, access to managed identities, access to key vault - for secrets, Azure AD-based authentication and support for tags and resource - groups for easier security management","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicCompute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d","type":"Microsoft.Authorization/policyDefinitions","name":"1d84d5fb-01f6-4d12-ba4f-4a26081d403d"},{"properties":{"displayName":"Enforce - tag and its value","policyType":"BuiltIn","description":"Enforces a required - tag and its value. Does not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag - Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"not":{"field":"[concat(''tags['', - parameters(''tagName''), '']'')]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62","type":"Microsoft.Authorization/policyDefinitions","name":"1e30110a-5ceb-460c-a204-c1c3969c6d62"},{"properties":{"displayName":"Audit - provisioning of an Azure Active Directory administrator for SQL server","policyType":"BuiltIn","mode":"Indexed","description":"Audit - provisioning of an Azure Active Directory administrator for your SQL server - to enable Azure AD authentication. Azure AD authentication enables simplified - permission management and centralized identity management of database users - and other Microsoft services","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/administrators"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9","type":"Microsoft.Authorization/policyDefinitions","name":"1f314764-cb73-4fc9-b863-8eca98ac36e9"},{"properties":{"displayName":"[Preview]: - Monitor unprotected web application in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Web - applications without a Web Application Firewall protection will be monitored - by Azure Security Center as recommendations","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Network/publicIPAddresses","Microsoft.ClassicCompute/domainNames","Microsoft.Web/hostingEnvironments"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedWebApplication","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6","type":"Microsoft.Authorization/policyDefinitions","name":"201ea587-7c90-41c3-910f-c280ae01cfd6"},{"properties":{"displayName":"Audit - enabling of only secure connections to your Redis Cache","policyType":"BuiltIn","mode":"All","description":"Audit - enabling of only connections via SSL to Redis Cache. Use of secure connections - ensures authentication between the server and the service and protects data - in transit from network layer attacks such as man-in-the-middle, eavesdropping, - and session-hijacking","metadata":{"category":"Cache"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Cache/redis"},{"field":"Microsoft.Cache/Redis/enableNonSslPort","equals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb","type":"Microsoft.Authorization/policyDefinitions","name":"22bee202-a82f-4305-9a2a-6d7f44d4dedb"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. This security setting determines the least number of - characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]: - Audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting determines the period of time (in days) that a password can - be used before the system requires the user to change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MaximumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc","type":"Microsoft.Authorization/policyDefinitions","name":"24dde96d-f0b1-425e-884f-4a1421e2dcdc"},{"properties":{"displayName":"Audit - configuration of metric alert rules on Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit - configuration of metric alert rules on Batch account to enable the required - metric","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name that an alert rule must be enabled on"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/alertRules","existenceScope":"Subscription","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/alertRules/isEnabled","equals":"true"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.metricName","equals":"[parameters(''metricName'')]"},{"field":"Microsoft.Insights/alertRules/condition.dataSource.resourceUri","equals":"[concat(''/subscriptions/'', - subscription().subscriptionId, ''/resourcegroups/'', resourceGroup().name, - ''/providers/Microsoft.Batch/batchAccounts/'', field(''name''))]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7","type":"Microsoft.Authorization/policyDefinitions","name":"26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7"},{"properties":{"displayName":"Deploy - default Microsoft IaaSAntimalware extension for Windows Server","policyType":"BuiltIn","mode":"Indexed","description":"This - policy deploys a Microsoft IaaSAntimalware extension with a default configuraion - when a VM is not configured with the antimalware extension.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"ExclusionsPaths":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon - delimited list of file paths or locations to exclude from scanning"}},"ExclusionsExtensions":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon - delimited list of file extensions to exclude from scanning"}},"ExclusionsProcesses":{"type":"string","defaultValue":"","metadata":{"description":"Semicolon - delimited list of process names to exclude from scanning"}},"RealtimeProtectionEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Indicates - whether or not real time protection is enabled (default is true)"}},"ScheduledScanSettingsIsEnabled":{"type":"string","defaultValue":"false","metadata":{"description":"Indicates - whether or not custom scheduled scan settings are enabled (default is false)"}},"ScheduledScanSettingsScanType":{"type":"string","defaultValue":"Quick","metadata":{"description":"Indicates - whether scheduled scan setting type is set to Quick or Full (default is Quick)"}},"ScheduledScanSettingsDay":{"type":"string","defaultValue":"7","metadata":{"description":"Day - of the week for scheduled scan (1-Sunday, 2-Monday, ..., 7-Saturday)"}},"ScheduledScanSettingsTime":{"type":"string","defaultValue":"120","metadata":{"description":"When - to perform the scheduled scan, measured in minutes from midnight (0-1440). - For example: 0 = 12AM, 60 = 1AM, 120 = 2AM."}}},"resources":[{"name":"[concat(parameters(''vmName''),''/IaaSAntimalware'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.Azure.Security","type":"IaaSAntimalware","typeHandlerVersion":"1.3","autoUpgradeMinorVersion":true,"settings":{"AntimalwareEnabled":true,"RealtimeProtectionEnabled":"[parameters(''RealtimeProtectionEnabled'')]","ScheduledScanSettings":{"isEnabled":"[parameters(''ScheduledScanSettingsIsEnabled'')]","day":"[parameters(''ScheduledScanSettingsDay'')]","time":"[parameters(''ScheduledScanSettingsTime'')]","scanType":"[parameters(''ScheduledScanSettingsScanType'')]"},"Exclusions":{"Extensions":"[parameters(''ExclusionsExtensions'')]","Paths":"[parameters(''ExclusionsPaths'')]","Processes":"[parameters(''ExclusionsProcesses'')]"}}}}]},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"RealtimeProtectionEnabled":{"value":"true"},"ScheduledScanSettingsIsEnabled":{"value":"true"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc","type":"Microsoft.Authorization/policyDefinitions","name":"2835b622-407b-4114-9198-6f7064cbe0dc"},{"properties":{"displayName":"Apply - tag and its default value","policyType":"BuiltIn","description":"Applies a - required tag and its default value if it is not specified by the user. Does - not apply to resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag - Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"field":"[concat(''tags['', - parameters(''tagName''), '']'')]","exists":"false"},"then":{"effect":"append","details":[{"field":"[concat(''tags['', - parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498","type":"Microsoft.Authorization/policyDefinitions","name":"2a0e14a6-b0a6-4fab-991a-187a4f81c498"},{"properties":{"displayName":"[Preview]: - Audit Windows VM should not store passwords using reversible encryption","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting determines whether the operating system stores passwords - using reversible encryption.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"StorePasswordsUsingReversibleEncryption","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6","type":"Microsoft.Authorization/policyDefinitions","name":"2d60d3b7-aa10-454c-88a8-de39d99d17c6"},{"properties":{"displayName":"[Preview]: - Audit Linux VM allowing remote connections from accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting verifies remote connections from accounts with empty passwords - is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Preview]: - Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports - VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and - Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit - unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit - unrestricted network access in your storage account firewall settings. Instead, - configure network rules so only applications from allowed networks can access - the storage account. To allow connections from specific internet or on-premise - clients, access can be granted to traffic from specific Azure virtual networks - or to public internet IP address ranges","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","equals":"Allow"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c","type":"Microsoft.Authorization/policyDefinitions","name":"34c877ad-507e-4c82-993e-3452a6e0ad3c"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Logic Apps","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Logic Apps"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Logic/workflows"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d","type":"Microsoft.Authorization/policyDefinitions","name":"34f95f76-5386-4de7-b824-0d8478470c9d"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. This security setting determines the period of time (in - days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"Audit - enablement of encryption of Automation account variables","policyType":"BuiltIn","mode":"All","description":"It - is important to enable encryption of Automation account variable assets when - storing sensitive data","metadata":{"category":"Automation"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Automation/automationAccounts/variables"},{"field":"Microsoft.Automation/automationAccounts/variables/isEncrypted","notEquals":"true"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735","type":"Microsoft.Authorization/policyDefinitions","name":"3657f5a0-770e-44a3-b44e-9431ba1e9735"},{"properties":{"displayName":"Deploy - Threat Detection on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This - policy ensures that Threat Detection is enabled on SQL Servers.","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5","type":"Microsoft.Authorization/policyDefinitions","name":"36d49e87-48c4-4f2e-beed-ba4ed02b71f5"},{"properties":{"displayName":"Audit - use of classic storage accounts","policyType":"BuiltIn","mode":"All","description":"Use - new Azure Resource Manager v2 for your storage accounts to provide security - enhancements such as: stronger access control (RBAC), better auditing, Azure - Resource Manager based deployment and governance, access to managed identities, - access to key vault for secrets, Azure AD-based authentication and support - for tags and resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Deploy - default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This - policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the - selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list. If this workspace is outside of the scope of the assignment you must - manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS","16.04-LTS","16.04.0-LTS","14.04.2-LTS","12.04.5-LTS"]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), - ''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), - ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38","type":"Microsoft.Authorization/policyDefinitions","name":"3d8640fc-63f6-4734-8dcb-cfd3d8c78f38"},{"properties":{"displayName":"Audit - secure transfer to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit - requirment of Secure transfer in your storage account. Secure transfer is - an option that forces your storage account to accept requests only from secure - connections (HTTPS). Use of HTTPS ensures authentication between the server - and the service and protects data in transit from network layer attacks such - as man-in-the-middle, eavesdropping, and session-hijacking","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9","type":"Microsoft.Authorization/policyDefinitions","name":"404c3081-a854-4457-ae30-26a93ef643f9"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Batch accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Batch"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Batch/batchAccounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d","type":"Microsoft.Authorization/policyDefinitions","name":"428256e6-1fac-4f48-a757-df34c2b3336d"},{"properties":{"displayName":"[Preview]: - Monitor permissive network access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network - Security Groups with too permissive rules will be monitored by Azure Security - Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"permissiveNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed","type":"Microsoft.Authorization/policyDefinitions","name":"44452482-524f-4bf4-b852-0bff7cc4a3ed"},{"properties":{"displayName":"Require - SQL Server version 12.0","policyType":"BuiltIn","description":"This policy - ensures all SQL servers use version 12.0","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"not":{"field":"Microsoft.Sql/servers/version","equals":"12.0"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf","type":"Microsoft.Authorization/policyDefinitions","name":"464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf"},{"properties":{"displayName":"Enforce - automatic OS upgrade with app health checks on VMSS","policyType":"BuiltIn","mode":"All","description":"This - policy enforces usage of automatic OS upgrade with application health checks - through health probes, which enables safer rollout by evaluating application - health after each OS upgrade batch.","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"not":{"field":"Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade","equals":"True"}},{"field":"Microsoft.Compute/VirtualMachineScaleSets/networkProfile.healthProbe.id","exists":"False"}]}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"465f0161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Preview]: - Monitor possible app Whitelisting in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Possible - Application Whitelist configuration will be monitored by Azure Security Center","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"applicationWhitelisting","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc","type":"Microsoft.Authorization/policyDefinitions","name":"47a6b606-51aa-4496-8bb7-64b11cf66adc"},{"properties":{"displayName":"Apply - tag and its default value to resource groups","policyType":"BuiltIn","mode":"All","description":"Applies - a required tag and its default value to resource groups if it is not specified - by the user.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag - Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['', - parameters(''tagName''), '']'')]","exists":"false"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"append","details":[{"field":"[concat(''tags['', - parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"[Preview]: - Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy - Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), - ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"[Preview]: - Audit maximum number of owners for a subscription","policyType":"BuiltIn","mode":"All","description":"It - is recommended to designate up to 3 subscription owners in order to reduce - the potential for breach by a compromised owner.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"DesignateLessThanXOwners","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c","type":"Microsoft.Authorization/policyDefinitions","name":"4f11b553-d42e-4e3a-89be-32ca364cad4c"},{"properties":{"displayName":"[Preview]: - Audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting determines the period of time (in days) that a password must - be used before the user can change it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordAge","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7","type":"Microsoft.Authorization/policyDefinitions","name":"5aa11bbc-5c76-4302-80e5-aba46a4282e7"},{"properties":{"displayName":"[Preview]: - Audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting determines the least number of characters that a password - for a user account may contain.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"[Preview]: - Audit external accounts with write permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External - accounts with write privileges should be removed from your subscription in - order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Allow - resource creation only in India data centers","policyType":"BuiltIn","description":"Allows - resource creation in the following locations only: West India, South India, - Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]: - Audit external accounts with read permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External - accounts with read privileges should be removed from your subscription in - order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60","type":"Microsoft.Authorization/policyDefinitions","name":"5f76cf89-fbf2-47fd-a3f4-b891fa780b60"},{"properties":{"displayName":"[Preview]: - Audit web servers inside Windows VMs must use TLS minimum version 1.1 encryption","policyType":"BuiltIn","mode":"Indexed","description":"This - policy will audit instances of Internet Information Services (IIS) running - inside Windows virtual machines, to verify that TLS minimum version 1.1 is - used for encryption.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"AuditSecureProtocol","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c","type":"Microsoft.Authorization/policyDefinitions","name":"60ffe3e2-4604-4460-8f22-0f1da058266c"},{"properties":{"displayName":"Audit - the setting of ClusterProtectionLevel property to EncryptAndSign in Service - Fabric","policyType":"BuiltIn","mode":"Indexed","description":"Service Fabric - provides three levels of protection (None, Sign and EncryptAndSign) for node-to-node - communication using a primary cluster certificate. Set the protection level - to ensure that all node-to-node messages are encrypted and digitally signed","metadata":{"category":"Service - Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].name","notEquals":"Security"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].name","notEquals":"ClusterProtectionLevel"},{"field":"Microsoft.ServiceFabric/clusters/fabricSettings[*].parameters[*].value","notEquals":"EncryptAndSign"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68","type":"Microsoft.Authorization/policyDefinitions","name":"617c02be-7f02-4efd-8836-3180d47b6c68"},{"properties":{"displayName":"[Preview]: - Audit missing blob encryption for storage accounts","policyType":"BuiltIn","mode":"All","description":"This - policy audits storage accounts without blob encryption. It only applies to - Microsoft.Storage resource types, not other storage providers. Possible network - Just In Time access will be monitored by Azure Security Center as recommendations.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759","type":"Microsoft.Authorization/policyDefinitions","name":"655cb504-bcee-4362-bd4c-402e6aa38759"},{"properties":{"displayName":"[Preview]: - Audit deprecated accounts on a subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated - accounts should be removed from your subscriptions. Deprecated accounts are - accounts that have been blocked from signing in.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccounts","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474","type":"Microsoft.Authorization/policyDefinitions","name":"6b1cbf55-e8b6-442f-ba4c-7246b6381474"},{"properties":{"displayName":"Not - allowed resource types","policyType":"BuiltIn","description":"This policy - enables you to specify the resource types that your organization cannot deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesNotAllowed":{"type":"Array","metadata":{"description":"The - list of resource types that cannot be deployed.","displayName":"Not allowed - resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypesNotAllowed'')]"},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749","type":"Microsoft.Authorization/policyDefinitions","name":"6c112d4e-5bc7-47ae-a041-ea2d9dccd749"},{"properties":{"displayName":"Allow - resource creation only in Japan data centers","policyType":"BuiltIn","description":"Allows - resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4","type":"Microsoft.Authorization/policyDefinitions","name":"6fdb9205-3462-4cfc-87d8-16c7860b53f4"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Windows VM should not allow previous 24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. This security setting determines the number of unique - new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed - storage account SKUs","policyType":"BuiltIn","description":"This policy enables - you to specify a set of storage account SKUs that your organization can deploy.","metadata":{"category":"Storage"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The - list of SKUs that can be specified for storage accounts.","displayName":"Allowed - SKUs","strongType":"StorageSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1","type":"Microsoft.Authorization/policyDefinitions","name":"7433c107-6db4-4ad1-b57a-a76dce0154a1"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in App Services","policyType":"BuiltIn","mode":"All","description":"Audit - enabling of diagnostic logs on the app. This enables you to recreate activity - trails for investigation purposes if a security incident occurs or your network - is compromised","metadata":{"category":"App Service"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites/config"},{"field":"name","equals":"web"},{"anyOf":[{"field":"Microsoft.Web/sites/config/detailedErrorLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/httpLoggingEnabled","notEquals":"true"},{"field":"Microsoft.Web/sites/config/requestTracingEnabled","notEquals":"true"}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac","type":"Microsoft.Authorization/policyDefinitions","name":"752c6934-9bcc-4749-b004-655e676ae2ac"},{"properties":{"displayName":"[Preview]: - Monitor VM Vulnerabilities in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Monitors - vulnerabilities detected by Vulnerability Assessment solution and VMs without - a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"Audit - enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"It - is recommended to enable Logs so that activity trail can be recreated when - investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"IaaSDiagnostics"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Diagnostics"}]},{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"LinuxDiagnostic"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.OSTCExtensions"}]}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1","type":"Microsoft.Authorization/policyDefinitions","name":"7c1b1214-f927-48bf-8882-84f0af6588b1"},{"properties":{"displayName":"Require - blob encryption for storage accounts","policyType":"BuiltIn","description":"This - policy ensures blob encryption for storage accounts is turned on. It only - applies to Microsoft.Storage resource types, not other storage providers.","metadata":{"category":"Storage"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f","type":"Microsoft.Authorization/policyDefinitions","name":"7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Windows VM enforces password complexity requirements","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. If this policy is enabled, passwords must meet minimum - requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Audit - diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit - diagnostic setting for selected resource types","metadata":{"category":"Monitoring"},"parameters":{"listOfResourceTypes":{"type":"Array","metadata":{"displayName":"Resource - Types","strongType":"resourceTypes"}}},"policyRule":{"if":{"field":"type","in":"[parameters(''listOfResourceTypes'')]"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/metrics.enabled","equals":"true"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9","type":"Microsoft.Authorization/policyDefinitions","name":"7f89b1eb-583c-429a-8828-af049802c1d9"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Event Hub","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables recreation of - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Event Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"},{"properties":{"displayName":"Deploy - SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), - ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"},{"properties":{"displayName":"[Preview]: - Monitor missing system updates in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Missing - security system updates on your servers will be monitored by Azure Security - Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"systemUpdates","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60","type":"Microsoft.Authorization/policyDefinitions","name":"86b3d65f-7626-441e-b690-81a8b71cff60"},{"properties":{"displayName":"Enforce - tag and its value on resource groups","policyType":"BuiltIn","mode":"All","description":"Enforces - a required tag and its value on resource groups.","metadata":{"category":"General"},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":"Name of the tag, such as ''environment''"}},"tagValue":{"type":"String","metadata":{"displayName":"Tag - Value","description":"Value of the tag, such as ''production''"}}},"policyRule":{"if":{"allOf":[{"field":"[concat(''tags['', - parameters(''tagName''), '']'')]","notEquals":"[parameters(''tagValue'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46","type":"Microsoft.Authorization/policyDefinitions","name":"8ce3da23-7156-49e4-b145-24f95f9dcb46"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Windows VM should not store passwords using reversible - encryption","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. This security setting determines whether the operating - system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]: - Audit accounts with write permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor - Authentication (MFA) should be enabled for all subscription accounts with - write privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3","type":"Microsoft.Authorization/policyDefinitions","name":"9297c21d-2ed6-4474-b48f-163f75654ce3"},{"properties":{"displayName":"Allow - resource creation only in European data centers","policyType":"BuiltIn","description":"Allows - resource creation in the following locations only: North Europe, West Europe","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["northeurope","westeurope"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b","type":"Microsoft.Authorization/policyDefinitions","name":"94c19f19-8192-48cd-a11b-e37099d3e36b"},{"properties":{"displayName":"Allow - resource creation only in United States data centers","policyType":"BuiltIn","description":"Allows - resource creation in the following locations only: Central US, East US, East - US2, North Central US, South Central US, West US","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["centralus","eastus","eastus2","northcentralus","southcentralus","westus"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869","type":"Microsoft.Authorization/policyDefinitions","name":"983211ba-f348-4758-983b-21fa29294869"},{"properties":{"displayName":"[Preview]: - Monitor unprotected network endpoints in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Network - endpoints without a Next Generation Firewall''s protection will be monitored - by Azure Security Center as recommendations","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Network/publicIPAddresses","Microsoft.ClassicCompute/domainNames"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"unprotectedNetworkEndpoint","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6","type":"Microsoft.Authorization/policyDefinitions","name":"9daedab3-fb2d-461e-b861-71790eead4f6"},{"properties":{"displayName":"Allowed - resource types","policyType":"BuiltIn","description":"This policy enables - you to specify the resource types that your organization can deploy.","metadata":{"category":"General"},"parameters":{"listOfResourceTypesAllowed":{"type":"Array","metadata":{"description":"The - list of resource types that can be deployed.","displayName":"Allowed resource - types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''listOfResourceTypesAllowed'')]"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c","type":"Microsoft.Authorization/policyDefinitions","name":"a08ec900-254a-4555-9bf5-e42af04b5c5c"},{"properties":{"displayName":"Audit - authorization rules on Service Bus namespaces","policyType":"BuiltIn","mode":"All","description":"Service - Bus clients should not use a namespace level access policy that provides access - to all queues and topics in a namespace. To align with the least privilege - security model, you shoud create access policies at the entity level for queues - and topics to provide access to only the specific entity","metadata":{"category":"Service - Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceBus/namespaces/authorizationRules"},{"field":"name","notEquals":"RootManageSharedAccessKey"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee","type":"Microsoft.Authorization/policyDefinitions","name":"a1817ec0-a368-432a-8057-8371e17ac6ee"},{"properties":{"displayName":"Audit - usage of custom RBAC rules","policyType":"BuiltIn","mode":"All","description":"Audit - built-in roles such as ''Owner, Contributer, Reader'' instead of custom RBAC - roles, which are error prone. Using custom roles is treated as an exception - and requires a rigorous review and threat modeling","metadata":{"category":"General"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Authorization/roleDefinitions"},{"field":"Microsoft.Authorization/roleDefinitions/type","equals":"CustomRole"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5","type":"Microsoft.Authorization/policyDefinitions","name":"a451c1ef-c6ca-483d-87ed-f49761e3ffb5"},{"properties":{"displayName":"Audit - SQL server level Auditing settings","policyType":"BuiltIn","mode":"Indexed","description":"Audits - the existence of SQL Auditing at the server level","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"setting":{"type":"String","metadata":{"displayName":"Desired - Auditing setting"},"allowedValues":["enabled","disabled"],"defaultValue":"enabled"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9","type":"Microsoft.Authorization/policyDefinitions","name":"a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9"},{"properties":{"displayName":"Enforce - encryption on Data Lake Store accounts","policyType":"BuiltIn","mode":"Indexed","description":"This - policy ensures encryption is enabled on all Data Lake Store accounts","metadata":{"category":"Data - Lake"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},{"field":"Microsoft.DataLakeStore/accounts/encryptionState","equals":"Disabled"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a","type":"Microsoft.Authorization/policyDefinitions","name":"a7ff3161-0087-490a-9ad9-ad6217f4f43a"},{"properties":{"displayName":"[Preview]: - Monitor unencrypted SQL database in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Unencrypted - SQL servers or databases will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers","Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"encryption","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16","type":"Microsoft.Authorization/policyDefinitions","name":"a8bef009-a5c9-4d0f-90d7-6018734e8a16"},{"properties":{"displayName":"Deploy - network watcher when virtual networks are created","policyType":"BuiltIn","mode":"Indexed","description":"This - policy creates a network watcher resource in regions with virtual networks. - You need to ensure existence of a resource group named networkWatcherRG, which - will be used to deploy network watcher instances.","metadata":{"category":"Network"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/virtualNetworks"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Network/networkWatchers","resourceGroupName":"networkWatcherRG","existenceCondition":{"field":"location","equals":"[field(''location'')]"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[{"apiVersion":"2016-09-01","type":"Microsoft.Network/networkWatchers","name":"[concat(''networkWacher_'', - parameters(''location''))]","location":"[parameters(''location'')]"}]},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9","type":"Microsoft.Authorization/policyDefinitions","name":"a9b99dd8-06c5-4317-8629-9d86a3c6e7d9"},{"properties":{"displayName":"[Preview]: - Audit accounts with owner permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor - Authentication (MFA) should be enabled for all subscription accounts with - owner permissions to prevent a breach of accounts or resources.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed","type":"Microsoft.Authorization/policyDefinitions","name":"aa633080-8b72-40c4-a2d7-d00c03e80bed"},{"properties":{"displayName":"[Preview]: - Automatic provisioning of security monitoring agent","policyType":"BuiltIn","mode":"All","description":"Installs - security agent on VMs for advanced security alerts and preventions in Azure - Security Center. Applies only for subscriptions that use Azure Security Center.","metadata":{"category":"Security - Center","preview":true,"deprecated":true},"parameters":{},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Security/complianceResults","name":"securityAgent","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24","type":"Microsoft.Authorization/policyDefinitions","name":"abcc6037-1fc4-47f6-aac5-89706589be24"},{"properties":{"displayName":"Allow - resource creation if ''environment'' tag value in allowed values","policyType":"BuiltIn","description":"Allows - resource creation if the ''environment'' tag is set to one of the following - values: production, dev, test, staging","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.environment","in":["production","dev","test","staging"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9","type":"Microsoft.Authorization/policyDefinitions","name":"ac7e5fc0-c029-4b12-91d4-a8500ce697f9"},{"properties":{"displayName":"[Preview]: - Monitor missing Endpoint Protection in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers - without an installed Endpoint Protection agent will be monitored by Azure - Security Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"endpointProtection","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9","type":"Microsoft.Authorization/policyDefinitions","name":"af6cd1bd-1635-48cb-bde7-5b15693900b9"},{"properties":{"displayName":"[Preview]: - Monitor unaudited SQL database in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"SQL - servers and databases which doesn''t have SQL auditing turned on will be monitored - by Azure Security Center as recommendations","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.SQL/servers","Microsoft.SQL/servers/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"auditing","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d","type":"Microsoft.Authorization/policyDefinitions","name":"af8051bf-258b-44e2-a2bf-165330459f9d"},{"properties":{"displayName":"[Preview]: - Monitor possible network Just In Time (JIT) access in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Possible - network Just In Time (JIT) access will be monitored by Azure Security Center - as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"jitNetworkAccess","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c","type":"Microsoft.Authorization/policyDefinitions","name":"b0f33259-77d7-4c9e-aac6-3aabcfae693c"},{"properties":{"displayName":"[Preview]: - Audit Linux VM /etc/passwd file permissions are set to 0644","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting verifies /etc/passwd file permissions are set to 0644 to - prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid121","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b","type":"Microsoft.Authorization/policyDefinitions","name":"b18175dd-c599-4c64-83ba-bb018a06d35b"},{"properties":{"displayName":"Audit - authorization rules on Event Hub namespaces","policyType":"BuiltIn","mode":"All","description":"Event - Hub clients should not use a namespace level access policy that provides access - to all queues and topics in a namespace. To align with the least privilege - security model, you shoud create access policies at the entity level for queues - and topics to provide access to only the specific entity","metadata":{"category":"Event - Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"name","notEquals":"RootManageSharedAccessKey"},{"field":"type","equals":"Microsoft.EventHub/namespaces/authorizationRules"}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7","type":"Microsoft.Authorization/policyDefinitions","name":"b278e460-7cfc-4451-8294-cccc40a940d7"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit web servers inside Windows VMs must use TLS minimum - version 1.1 encryption","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to audit instances of - Internet Information Services (IIS) running inside Windows virtual machines, - to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"Audit - enabling of diagnostic logs for Search service","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Search"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Search/searchServices"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4","type":"Microsoft.Authorization/policyDefinitions","name":"b4330a05-a843-4bc8-bf9a-cacce50c67f4"},{"properties":{"displayName":"Audit - usage of Azure Active Directory for client authentication in Service Fabric","policyType":"BuiltIn","mode":"Indexed","description":"Audit - usage of client authentication only via Azure Active Directory in Service - Fabric","metadata":{"category":"Service Fabric"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.ServiceFabric/clusters"},{"anyOf":[{"field":"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId","exists":"false"},{"field":"Microsoft.ServiceFabric/clusters/azureActiveDirectory.tenantId","equals":""}]}]},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0","type":"Microsoft.Authorization/policyDefinitions","name":"b54ed75b-3e1a-44ac-a333-05ba39b99ff0"},{"properties":{"displayName":"Allow - resource creation only in Asia data centers","policyType":"BuiltIn","description":"Allows - resource creation in the following locations only: East Asia, Southeast Asia, - West India, South India, Central India, Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastasia","southeastasia","westindia","southindia","centralindia","japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94","type":"Microsoft.Authorization/policyDefinitions","name":"c1b9cbed-08e3-427d-b9ce-7c535b1e9b94"},{"properties":{"displayName":"[Preview]: - Audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid232","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05","type":"Microsoft.Authorization/policyDefinitions","name":"c40c9087-1981-4e73-9f53-39743eda9d05"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Data Lake Analytics","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Data Lake"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeAnalytics/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c","type":"Microsoft.Authorization/policyDefinitions","name":"c95c74d9-38fe-4f0d-af86-0c7d626a315c"},{"properties":{"displayName":"Apply - Diagnostic Settings for Network Security Groups","policyType":"BuiltIn","mode":"Indexed","description":"This - policy automatically deploys diagnostic settings to network security groups.","metadata":{"category":"Monitoring"},"parameters":{"storagePrefix":{"type":"String","metadata":{"displayName":"Storage - Account Prefix for Regional Storage Account"}},"rgName":{"type":"String","metadata":{"displayName":"Resource - Group Name for Storage Account (must exist)","description":"This resource - group must already exist","strongType":"ExistingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","name":"setbypolicy","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"},"storagePrefix":{"type":"string"},"nsgName":{"type":"string"},"rgName":{"type":"string"}},"variables":{"storageDeployName":"[concat(''policyStorage_'', - uniqueString(parameters(''location''), parameters(''nsgName'')))]"},"resources":[{"type":"Microsoft.Network/networkSecurityGroups/providers/diagnosticSettings","name":"[concat(parameters(''nsgName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","dependsOn":["[variables(''storageDeployName'')]"],"properties":{"storageAccountId":"[reference(variables(''storageDeployName'')).outputs.storageAccountId.value]","logs":[{"category":"NetworkSecurityGroupEvent","enabled":true,"retentionPolicy":{"enabled":false,"days":0}},{"category":"NetworkSecurityGroupRuleCounter","enabled":true,"retentionPolicy":{"enabled":false,"days":0}}]}},{"apiVersion":"2017-05-10","name":"[variables(''storageDeployName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''rgName'')]","properties":{"mode":"incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storagePrefix":{"value":"[parameters(''storagePrefix'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"},"storagePrefix":{"type":"string"}},"resources":[{"apiVersion":"2017-06-01","type":"Microsoft.Storage/storageAccounts","name":"[concat(parameters(''storageprefix''), - parameters(''location''))]","sku":{"name":"Standard_LRS","tier":"Standard"},"kind":"Storage","location":"[parameters(''location'')]","tags":{"created-by":"policy"},"scale":null,"properties":{"networkAcls":{"bypass":"AzureServices","defaultAction":"Allow","ipRules":[],"virtualNetworkRules":[]},"supportsHttpsTrafficOnly":true}}],"outputs":{"storageAccountId":{"type":"string","value":"[resourceId(parameters(''rgName''), - ''Microsoft.Storage/storageAccounts'',concat(parameters(''storagePrefix''), - parameters(''location'')))]"}}}}}]},"parameters":{"location":{"value":"[field(''location'')]"},"storagePrefix":{"value":"[parameters(''storagePrefix'')]"},"rgName":{"value":"[parameters(''rgName'')]"},"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89","type":"Microsoft.Authorization/policyDefinitions","name":"c9c29499-c1d1-4195-99bd-2ec9e3a9dc89"},{"properties":{"displayName":"Allowed - virtual machine SKUs","policyType":"BuiltIn","description":"This policy enables - you to specify a set of virtual machine SKUs that your organization can deploy.","metadata":{"category":"Compute"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"description":"The - list of SKUs that can be specified for virtual machines.","displayName":"Allowed - SKUs","strongType":"VMSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3","type":"Microsoft.Authorization/policyDefinitions","name":"cccc23c7-8427-4f53-ad12-b6a63eb452b3"},{"properties":{"displayName":"Allow - resource creation if ''department'' tag set","policyType":"BuiltIn","description":"Allows - resource creation only if the ''department'' tag is set","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"tags","containsKey":"department"}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064","type":"Microsoft.Authorization/policyDefinitions","name":"cd8dc879-a2ae-43c3-8211-1877c5755064"},{"properties":{"displayName":"[Preview]: - Audit Windows VM should not allow previous 24 passwords","policyType":"BuiltIn","mode":"Indexed","description":"This - security setting determines the number of unique new passwords that have to - be associated with a user account before an old password can be reused.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"EnforcePasswordHistory","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293","type":"Microsoft.Authorization/policyDefinitions","name":"cdbf72d9-ac9c-4026-8a3a-491a5ac59293"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Key Vault","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Key Vault"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21","type":"Microsoft.Authorization/policyDefinitions","name":"cf820ca0-f99e-4f3e-84fb-66e913812d21"},{"properties":{"displayName":"Allow - resource creation only in Japan data centers","policyType":"BuiltIn","description":"Allows - resource creation in the following locations only: Japan East, Japan West","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["japaneast","japanwest"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697","type":"Microsoft.Authorization/policyDefinitions","name":"e01598e8-6538-41ed-95e8-8b29746cd697"},{"properties":{"displayName":"[Preview]: - Monitor OS vulnerabilities in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Servers - which do not satisfy the configured baseline will be monitored by Azure Security - Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]: - Audit accounts with read permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor - Authentication (MFA) should be enabled for all subscription accounts with - read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"EnableMFAForReadPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64","type":"Microsoft.Authorization/policyDefinitions","name":"e3576e28-8b17-4677-84c3-db2990658d64"},{"properties":{"displayName":"Allowed - locations","policyType":"BuiltIn","description":"This policy enables you to - restrict the locations your organization can specify when deploying resources. - Use to enforce your geo-compliance requirements. Excludes resource groups, - Microsoft.AzureActiveDirectory/b2cDirectories, and resources that use the - ''global'' region.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"location","notEquals":"global"},{"field":"type","notEquals":"Microsoft.AzureActiveDirectory/b2cDirectories"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c","type":"Microsoft.Authorization/policyDefinitions","name":"e56962a6-4747-49cd-b67b-bf8b01975c4c"},{"properties":{"displayName":"Allowed - locations for resource groups","policyType":"BuiltIn","mode":"All","description":"This - policy enables you to restrict the locations your organization can create - resource groups in. Use to enforce your geo-compliance requirements.","metadata":{"category":"General"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that resource groups can be created in.","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"allOf":[{"field":"location","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988","type":"Microsoft.Authorization/policyDefinitions","name":"e765b5de-1225-4ba3-bd56-1ac6695af988"},{"properties":{"displayName":"[Preview]: - Audit deprecated accounts with owner permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"Deprecated - accounts with owner permissions should be removed from your subscription. Deprecated - accounts are accounts that have been blocked from signing in.","metadata":{"category":"Security - Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveDeprecatedAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad","type":"Microsoft.Authorization/policyDefinitions","name":"ebb62a0c-3560-49e1-89ed-27e074e9f8ad"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Linux VM allowing remote connections from accounts - with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration and - Microsoft Azure Managed Service Identity, and required content to check settings - inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, - and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]: - Deploy VM extension to audit Linux VM passwd file permissions","policyType":"BuiltIn","mode":"Indexed","description":"Include - this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft - Azure Managed Service Identity, and required content to check settings inside - the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and - Python. This security setting verifies /etc/passwd file permissions are set - to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), - ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), - ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]: - Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports - VMs as non-compliant if they not logging to the LA workspace specified in - the policy/initiative assignment.","metadata":{"category":"Monitoring"},"parameters":{"logAnalyticsWorkspaceId":{"type":"String","metadata":{"displayName":"Log - Analytics Workspace Id that VMs should be configured for","description":"This - is the Id (GUID) of the Log Analytics Workspace that the VMs should be configured - for."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/settings.workspaceId","notEquals":"[parameters(''logAnalyticsWorkspaceId'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917","type":"Microsoft.Authorization/policyDefinitions","name":"f47b5582-33ec-4c5c-87c0-b010a6b2e917"},{"properties":{"displayName":"Audit - existence of authorization rules on Event Hub entities","policyType":"BuiltIn","mode":"All","description":"Audit - existence of authorization rules on Event Hub entities to grant least-privileged - access","metadata":{"category":"Event Hub"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces/eventhubs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.EventHub/namespaces/eventHubs/authorizationRules"}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d","type":"Microsoft.Authorization/policyDefinitions","name":"f4826e5f-6a27-407c-ae3e-9582eb39891d"},{"properties":{"displayName":"[Preview]: - Audit Windows VM enforces password complexity requirements","policyType":"BuiltIn","mode":"Indexed","description":"If - this policy is enabled, passwords must meet minimum requirements. See documentation - for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordMustMeetComplexityRequirements","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb","type":"Microsoft.Authorization/policyDefinitions","name":"f48b2913-1dc5-4834-8c72-ccc1dfd819bb"},{"properties":{"displayName":"Deploy - Auditing on SQL servers","policyType":"BuiltIn","mode":"Indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"SQL"},"parameters":{"retentionDays":{"type":"String","metadata":{"description":"The - value in days of the retention period (0 indicates unlimited retention)","displayName":"Retention - days (optional, 180 days if unspecified)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036","type":"Microsoft.Authorization/policyDefinitions","name":"f4c68484-132f-41f9-9b6d-3e4b1cb55036"},{"properties":{"displayName":"[Preview]: - Audit external accounts with owner permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External - accounts with owner permissions should be removed from your subscription in - order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWithOwnerPermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9","type":"Microsoft.Authorization/policyDefinitions","name":"f8456c1c-aa66-4dfb-861a-25d127b775c9"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Service Bus","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Service Bus"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.ServiceBus/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45","type":"Microsoft.Authorization/policyDefinitions","name":"f8d36e2f-389b-4ee4-898d-21aeb69a0f45"},{"properties":{"displayName":"Audit - enabling of diagnostic logs in Azure Stream Analytics","policyType":"BuiltIn","mode":"Indexed","description":"Audit - enabling of logs and retain them up to a year. This enables you to recreate - activity trails for investigation purposes when a security incident occurs - or your network is compromised","metadata":{"category":"Stream Analytics"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"},"requiredRetentionDays":{"type":"String","metadata":{"displayName":"Required - retention (days)","description":"The required diagnostic logs retention in - days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.StreamAnalytics/streamingJobs"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46","type":"Microsoft.Authorization/policyDefinitions","name":"f9be5368-9bf5-4b84-9e0a-7850da98bb46"},{"properties":{"displayName":"[Preview]: - Monitor SQL vulnerability assessment results in Azure Security Center","policyType":"BuiltIn","mode":"Indexed","description":"Monitor - Vulnerability Assessment scan results and recommendations for how to remediate - database vulnerabilities.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"[cstack] - No-op policy","policyType":"Custom","mode":"All","description":"This policy - does nothing","metadata":{"category":"cstack"},"parameters":{},"policyRule":{"if":{"not":{"field":"name","like":"*"}},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/b485e1ef-eea6-4b69-8933-1ef6b08720a9","type":"Microsoft.Authorization/policyDefinitions","name":"b485e1ef-eea6-4b69-8933-1ef6b08720a9"},{"properties":{"policyType":"Custom","policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementgroups/AzGovTest8/providers/Microsoft.Authorization/policyDefinitions/test1","type":"Microsoft.Authorization/policyDefinitions","name":"test1"},{"properties":{"displayName":"jilim - mg no sub","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/51c286c0-25b6-4a16-b53b-208fd346d285","type":"Microsoft.Authorization/policyDefinitions","name":"51c286c0-25b6-4a16-b53b-208fd346d285"},{"properties":{"displayName":"sdfsfsdfsdfsdf","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest7/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce093e","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce093e"},{"properties":{"displayName":"Azure - KeyVault Allowed Locations","policyType":"Custom","mode":"All","description":"Azure - KeyVault Allowed Locations","metadata":{"category":"Key Vault"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.KeyVault/vaults"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest5/providers/Microsoft.Authorization/policyDefinitions/e1d7de9f-42f0-4af1-9ee0-0187bfce08d5","type":"Microsoft.Authorization/policyDefinitions","name":"e1d7de9f-42f0-4af1-9ee0-0187bfce08d5"},{"properties":{"displayName":"rohitbh - sql server threat detection","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/securityAlertPolicies","name":"Default","existenceCondition":{"field":"Microsoft.Sql/securityAlertPolicies.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"}},"variables":{},"resources":[{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/securityAlertPolicies","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","emailAccountAdmins":true}}]},"parameters":{"serverName":{"value":"[field(''name'')]"}}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/99b560dc-8924-4ba4-8467-adf1fdf04660","type":"Microsoft.Authorization/policyDefinitions","name":"99b560dc-8924-4ba4-8467-adf1fdf04660"},{"properties":{"displayName":"Audit - storage account SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"Audited - skus","description":"The list of skus.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db203","type":"Microsoft.Authorization/policyDefinitions","name":"ced9d1e5-109c-4e0b-a447-afbf649db203"},{"properties":{"displayName":"Audit - virtual machines SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"List - Of Allowed SKUs","description":"The list of allowed locations for resources.","strongType":"vmSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest3/providers/Microsoft.Authorization/policyDefinitions/ced9d1e5-109c-4e0b-a447-afbf649db22a","type":"Microsoft.Authorization/policyDefinitions","name":"ced9d1e5-109c-4e0b-a447-afbf649db22a"},{"properties":{"displayName":"carolyn - location on mg test1","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/022d9357-5a90-46f7-9554-21d30ce4c32d","type":"Microsoft.Authorization/policyDefinitions","name":"022d9357-5a90-46f7-9554-21d30ce4c32d"},{"properties":{"displayName":"Paige - and Haishi say that Managed Disk is Required","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.osDisk.managedDisk.id","equals":""}]},{"field":"tags.environment","equals":"Prod"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/0cd998fe-ceeb-43ae-b6ca-be6b9b093845","type":"Microsoft.Authorization/policyDefinitions","name":"0cd998fe-ceeb-43ae-b6ca-be6b9b093845"},{"properties":{"displayName":"Audit - East US location","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"field":"location","in":"[parameters(''allowedLocations'')]"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/0f6988e2-f000-4793-b8ef-02ed2b8fa049","type":"Microsoft.Authorization/policyDefinitions","name":"0f6988e2-f000-4793-b8ef-02ed2b8fa049"},{"properties":{"displayName":"custom - allowed values","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Allowed - location","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"]},"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Allowed - storage SKUs","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Allowed - storage SKU","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedTags":{"type":"Array","metadata":{"displayName":"Allowed - tags","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Allowed - tag","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"]}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","equals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/15ffe5ee-6e86-4ee6-96ca-20990f8c7202","type":"Microsoft.Authorization/policyDefinitions","name":"15ffe5ee-6e86-4ee6-96ca-20990f8c7202"},{"properties":{"displayName":"rohitbh: - Definition to be deleted.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/1a4d4a82-b0a9-4860-b066-a990a2d0116d","type":"Microsoft.Authorization/policyDefinitions","name":"1a4d4a82-b0a9-4860-b066-a990a2d0116d"},{"properties":{"displayName":"[Audit] - Test policy in MG","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a1ec","type":"Microsoft.Authorization/policyDefinitions","name":"20929e43-ae09-4aac-b8ce-05a42434a1ec"},{"properties":{"displayName":"Audit - storage sku","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Storage - SKUs","description":"The list of storage SKUs.","strongType":"storageSkus"}},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Storage - SKU","description":"The storage SKU.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''allowedStorageSKUs'')]"},{"field":"location","equals":"[parameters(''allowedStorageSKU'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/20929e43-ae09-4aac-b8ce-05a42434a9af","type":"Microsoft.Authorization/policyDefinitions","name":"20929e43-ae09-4aac-b8ce-05a42434a9af"},{"properties":{"displayName":"Enforce - tag and its value on resource groups","policyType":"Custom","mode":"All","description":"Enforces - a required tag and its value on resource groups.","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"description":"Name - of the tag, such as costCenter","strongType":"tagName"}},"tagValue":{"type":"String","metadata":{"description":"Value - of the tag, such as headquarter","strongType":"tagValue"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"not":{"field":"[concat(''tags['',parameters(''tagName''), - '']'')]","equals":"[parameters(''tagValue'')]"}}]},"then":{"effect":"deny"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/2730ec21-8461-41e9-b2ad-d218259d5027","type":"Microsoft.Authorization/policyDefinitions","name":"2730ec21-8461-41e9-b2ad-d218259d5027"},{"properties":{"displayName":"Audit - storage accounts open to all public network","policyType":"Custom","mode":"All","parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"field":"Microsoft.Storage/storageAccounts/networkAcls.defaultAction","notequals":"Deny"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/39ffa2bb-a9d5-436d-9a79-db5dd635e0f5","type":"Microsoft.Authorization/policyDefinitions","name":"39ffa2bb-a9d5-436d-9a79-db5dd635e0f5"},{"properties":{"displayName":"VMs - with no Managed Disk","policyType":"Custom","mode":"all","description":"Deny - all VMs with no Managed Disk","metadata":{"category":"General"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"microsoft.compute/virtualmachines"},{"field":"Microsoft.Compute/virtualMachines/storageProfile.dataDisks[*].managedDisk.id","notlike":"*"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/5361f680-fa96-49ef-9be2-a58d8d797571","type":"Microsoft.Authorization/policyDefinitions","name":"5361f680-fa96-49ef-9be2-a58d8d797571"},{"properties":{"displayName":"Audit - allowed resource groups","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedResourceGroups":{"type":"Array","metadata":{"displayName":"Allowed - resource groups","description":"The list of allowed resource groups.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"not":{"field":"Tags.resourceGroup","in":"[parameters(''allowedResourceGroups'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/72c0c41a-c752-4bc0-9c61-0d6adc567066","type":"Microsoft.Authorization/policyDefinitions","name":"72c0c41a-c752-4bc0-9c61-0d6adc567066"},{"properties":{"displayName":"OMS - workspace test","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"omsWorkspace":{"type":"String","metadata":{"displayName":"OMS - Workspace","description":"The list of OMS Workspaces.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"field":"location","equals":"[parameters(''omsWorkspace'')]"},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9c1ba477-ff0c-41ea-8a5d-826c4ca18208","type":"Microsoft.Authorization/policyDefinitions","name":"9c1ba477-ff0c-41ea-8a5d-826c4ca18208"},{"properties":{"displayName":"test","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/9e86943a-258f-4b19-9671-24ceaa5e306a","type":"Microsoft.Authorization/policyDefinitions","name":"9e86943a-258f-4b19-9671-24ceaa5e306a"},{"properties":{"displayName":"Carolyn - mg definition test1","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/a2c0414b-82e4-459d-97d5-94c79a89232c","type":"Microsoft.Authorization/policyDefinitions","name":"a2c0414b-82e4-459d-97d5-94c79a89232c"},{"properties":{"displayName":"Parameters - and allowed values","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"locations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array)","description":"The list of locations for resources.","strongType":"location"}},"location":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string)","description":"The location for resources.","strongType":"location"}},"resourceGroups":{"type":"Array","metadata":{"displayName":"Strong - type (array)","description":"The list of resource groups.","strongType":"existingResourceGroups"}},"resourceGroup":{"type":"String","metadata":{"displayName":"Strong - type (string)","description":"The resource group.","strongType":"existingResourceGroups"}},"tags":{"type":"Array","metadata":{"displayName":"Non - strong type (array)","description":"The list of tags."}},"tag":{"type":"String","metadata":{"displayName":"Non - strong type (string)","description":"The tag."}},"allowedLocations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array, av)","description":"The list of allowed locations for - resources.","strongType":"location"},"allowedValues":["eastus","westus","southus","eastus2","uksouth","japaneast","westcentralus","canadacentral","indiacentral"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string, av)","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus","eastus2","uksouth","japaneast","westcentralus","canadacentral","indiacentral"]},"allowedStorageSkus":{"type":"Array","metadata":{"displayName":"Strong - type (array, av)","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSku":{"type":"String","metadata":{"displayName":"Strong - type (string, av)","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedTags":{"type":"Array","metadata":{"displayName":"Non - strong type (array, av)","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Non - strong type (string, av)","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"]}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''locations'')]"},{"field":"location","equals":"[parameters(''location'')]"},{"field":"location","in":"[parameters(''resourceGroups'')]"},{"field":"location","equals":"[parameters(''resourceGroup'')]"},{"field":"location","in":"[parameters(''tags'')]"},{"field":"location","equals":"[parameters(''tag'')]"},{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","equals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Management/managementGroups/AzGovTest1/providers/Microsoft.Authorization/policyDefinitions/e6440295-d0ac-472b-949b-1cf289618198","type":"Microsoft.Authorization/policyDefinitions","name":"e6440295-d0ac-472b-949b-1cf289618198"}]}'} + body: {string: '{"id":"/providers/Microsoft.Management/managementGroups/cli-test-mgmt-group000002","type":"/providers/Microsoft.Management/managementGroups","name":"cli-test-mgmt-group000002","status":"Succeeded"}'} headers: cache-control: [no-cache] - content-length: ['192069'] + content-length: ['207'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:35 GMT'] + date: ['Tue, 27 Nov 2018 05:09:05 GMT'] expires: ['-1'] pragma: [no-cache] + request-id: [8a35f7fe-9226-4ccd-81ba-2ce547ac4cdb] + server: [Microsoft-IIS/8.5] strict-transport-security: [max-age=31536000; includeSubDomains] transfer-encoding: [chunked] vary: ['Accept-Encoding,Accept-Encoding'] + x-aspnet-version: [4.0.30319] + x-ba-restapi: [1.0.3.1223] x-content-type-options: [nosniff] + x-powered-by: [ASP.NET] status: {code: 200, message: OK} - request: body: null @@ -1271,9 +360,10 @@ interactions: Connection: [keep-alive] Content-Length: ['0'] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 + ParameterSetName: [--name --yes --no-wait] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 msrest_azure/0.4.34 resourcemanagementclient/2.0.0 Azure-SDK-For-Python - AZURECLI/2.0.48] + AZURECLI/2.0.52] accept-language: [en-US] method: DELETE uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/cli_test_policyset_management_group000001?api-version=2018-05-01 @@ -1282,9 +372,9 @@ interactions: headers: cache-control: [no-cache] content-length: ['0'] - date: ['Mon, 22 Oct 2018 19:40:35 GMT'] + date: ['Tue, 27 Nov 2018 05:09:07 GMT'] expires: ['-1'] - location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZU0VUOjVGTUFOQUdFTUVOVDo1RkdST1VQQ0RIVHw1Q0FBRjJENDJGNTY4NDA2LVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] + location: ['https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/operationresults/eyJqb2JJZCI6IlJFU09VUkNFR1JPVVBERUxFVElPTkpPQi1DTEk6NUZURVNUOjVGUE9MSUNZU0VUOjVGTUFOQUdFTUVOVDo1RkdST1VQR0xDTnwyNjhERjEzNEUxN0Q0MDgzLVdFU1RVUyIsImpvYkxvY2F0aW9uIjoid2VzdHVzIn0?api-version=2018-05-01'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] x-content-type-options: [nosniff] diff --git a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml index 1afe6c50094..000151db770 100644 --- a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml +++ b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/recordings/test_show_built_in_policy.yaml @@ -7,8 +7,9 @@ interactions: CommandName: [policy definition list] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [--query] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions?api-version=2018-03-01 @@ -20,7 +21,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -34,7 +37,7 @@ interactions: days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataLakeStore/accounts"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb","type":"Microsoft.Authorization/policyDefinitions","name":"057ef27e-665e-4328-8ea3-04b3122bd9fb"},{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit + Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"Audit VMs that do not use managed disks","policyType":"BuiltIn","mode":"All","description":"This policy audits VMs that do not use managed disks","metadata":{"category":"Compute"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a4d"},{"properties":{"displayName":"[Preview]: Deploy Log Analytics Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy @@ -43,7 +46,9 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled @@ -60,21 +65,36 @@ interactions: that the resource location matches its resource group location","metadata":{"category":"General"},"policyRule":{"if":{"field":"location","notIn":["[resourcegroup().location]","global"]},"then":{"effect":"audit"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a","type":"Microsoft.Authorization/policyDefinitions","name":"0a914e76-4921-4c19-b460-a2d36003525a"},{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"},{"properties":{"displayName":"[Preview]: + Deploy VM extension to audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"Include + this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft + Azure Managed Service Identity, and required content to audit applications + inside Windows VMs must be present.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"WhitelistedApplication","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[Parameters(''installedApplication'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), + ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Windows VM minimum password age 1 day","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"},{"properties":{"displayName":"Audit transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"},{"properties":{"displayName":"Audit use of classic virtual machines","policyType":"BuiltIn","mode":"All","description":"Use @@ -111,7 +131,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"},{"properties":{"displayName":"[Preview]: Audit Windows VM maximum password age 70 days","policyType":"BuiltIn","mode":"Indexed","description":"This @@ -152,13 +172,17 @@ interactions: is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"PasswordPolicy_msid110","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83","type":"Microsoft.Authorization/policyDefinitions","name":"2d67222d-05fd-4526-a171-2ee132ad9e83"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM accounts with no passwords","policyType":"BuiltIn","mode":"Indexed","description":"Include this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"},{"properties":{"displayName":"Audit unrestricted network access to storage accounts","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -180,7 +204,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + it.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"},{"properties":{"displayName":"Audit enablement of encryption of Automation account variables","policyType":"BuiltIn","mode":"All","description":"It @@ -196,7 +220,31 @@ interactions: Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management","metadata":{"category":"Storage"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"Deploy + or disable the execution of the policy"},"allowedValues":["Audit","Disabled"],"defaultValue":"Audit"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.classicStorage/storageAccounts"},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606","type":"Microsoft.Authorization/policyDefinitions","name":"37e0d2fe-28a5-43d6-a273-67d37d1f5606"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"},{"properties":{"displayName":"Deploy default Log Analytics Agent for Ubuntu VMs","policyType":"BuiltIn","mode":"Indexed","description":"This policy deploys the Log Analytics Agent on Ubuntu VMs, and connects to the selected Log Analytics workspace","metadata":{"category":"Compute","deprecated":true},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log @@ -244,7 +292,9 @@ interactions: parameters(''tagName''), '']'')]","value":"[parameters(''tagValue'')]"}]}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71","type":"Microsoft.Authorization/policyDefinitions","name":"49c88fc8-6fd1-46fd-a676-f12d1d3a4c71"},{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"},{"properties":{"displayName":"[Preview]: Audit maximum number of owners for a subscription","policyType":"BuiltIn","mode":"All","description":"It @@ -258,13 +308,39 @@ interactions: Audit Windows VM passwords must be at least 14 characters","policyType":"BuiltIn","mode":"Indexed","description":"This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"MinimumPasswordLength","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec","type":"Microsoft.Authorization/policyDefinitions","name":"5aebc8d1-020d-4037-89a0-02043a7524ec"},{"properties":{"displayName":"[Preview]: + Audit Log Analytics Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"},{"properties":{"displayName":"[Preview]: Audit external accounts with write permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"Allow + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"RemoveExternalAccountsWritePermissions","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4","type":"Microsoft.Authorization/policyDefinitions","name":"5c607a2e-c700-4744-8254-d77e7c9eb5e4"},{"properties":{"displayName":"[Preview]: + Audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"This + policy will audit instances of applications running inside Windows virtual + machines, to verify that the application exists.","metadata":{"category":"Guest + Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"},{"properties":{"displayName":"Allow resource creation only in India data centers","policyType":"BuiltIn","description":"Allows resource creation in the following locations only: West India, South India, Central India","metadata":{"category":"General","deprecated":true},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["westindia","southindia","centralindia"]}},"then":{"effect":"Deny"}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54","type":"Microsoft.Authorization/policyDefinitions","name":"5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54"},{"properties":{"displayName":"[Preview]: + Deploy Log Analytics Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"},{"properties":{"displayName":"[Preview]: Audit external accounts with read permissions on a subscription","policyType":"BuiltIn","mode":"All","description":"External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -302,7 +378,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + password can be reused.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"},{"properties":{"displayName":"Allowed storage account SKUs","policyType":"BuiltIn","description":"This policy enables @@ -318,7 +394,16 @@ interactions: vulnerabilities detected by Vulnerability Assessment solution and VMs without a Vulnerability Assessment solution in Azure Security Center as recommendations.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"Audit + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"vulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c","type":"Microsoft.Authorization/policyDefinitions","name":"760a85ff-6162-42b3-8d70-698e268f648c"},{"properties":{"displayName":"[Preview]: + Deploy Dependency Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list + defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"},{"properties":{"displayName":"Audit enabling of diagnostics logs in Service Fabric and Virtual Machine Scale Sets","policyType":"BuiltIn","mode":"Indexed","description":"It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise.","metadata":{"category":"Compute"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable @@ -331,7 +416,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"},{"properties":{"displayName":"Audit diagnostic setting","policyType":"BuiltIn","mode":"All","description":"Audit @@ -345,7 +430,7 @@ interactions: retention (days)","description":"The required diagnostic logs retention in days"},"defaultValue":"365"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.EventHub/namespaces"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"allOf":[{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.enabled","equals":"true"},{"field":"Microsoft.Insights/diagnosticSettings/logs[*].retentionPolicy.days","equals":"[parameters(''requiredRetentionDays'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a","type":"Microsoft.Authorization/policyDefinitions","name":"83a214f7-d01a-484b-91a9-ed54470c9a6a"},{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), + transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"},{"properties":{"displayName":"[Preview]: Monitor missing system updates in Azure Security Center","policyType":"BuiltIn","mode":"All","description":"Missing security system updates on your servers will be monitored by Azure Security @@ -362,7 +447,7 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"},{"properties":{"displayName":"[Preview]: Audit accounts with write permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor @@ -454,7 +539,7 @@ interactions: Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"},{"properties":{"displayName":"Audit enabling of diagnostic logs for Search service","policyType":"BuiltIn","mode":"Indexed","description":"Audit @@ -513,6 +598,13 @@ interactions: which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.ClassicCompute/virtualMachines","Microsoft.OperationalInsights/workspaces"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"osVulnerabilities","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15","type":"Microsoft.Authorization/policyDefinitions","name":"e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15"},{"properties":{"displayName":"[Preview]: + Audit Dependency Agent Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"},{"properties":{"displayName":"[Preview]: Audit accounts with read permissions who are not MFA enabled on a subscription","policyType":"BuiltIn","mode":"All","description":"Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources.","metadata":{"category":"Security @@ -541,7 +633,7 @@ interactions: Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + with empty passwords is disabled.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"},{"properties":{"displayName":"[Preview]: Deploy VM extension to audit Linux VM passwd file permissions","policyType":"BuiltIn","mode":"Indexed","description":"Include @@ -550,7 +642,7 @@ interactions: the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"},{"properties":{"displayName":"[Preview]: Audit Log Analytics Workspace for VM - Report Mismatch","policyType":"BuiltIn","mode":"Indexed","description":"Reports @@ -604,405 +696,70 @@ interactions: Monitor SQL vulnerability assessment results in Azure Security Center","policyType":"BuiltIn","mode":"Indexed","description":"Monitor Vulnerability Assessment scan results and recommendations for how to remediate database vulnerabilities.","metadata":{"category":"Security Center","preview":true},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"storage_httpsTrafficOnly","policyType":"Custom","mode":"All","metadata":{"category":"Demo"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/023217dd-81bb-461f-93ea-8799caac50c7","type":"Microsoft.Authorization/policyDefinitions","name":"023217dd-81bb-461f-93ea-8799caac50c7"},{"properties":{"displayName":"test_allowedlocation","policyType":"Custom","mode":"All","metadata":{},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/05bf225f-806e-496d-802c-9d6bc548b0bc","type":"Microsoft.Authorization/policyDefinitions","name":"05bf225f-806e-496d-802c-9d6bc548b0bc"},{"properties":{"displayName":"akif - incident - 85944710","policyType":"Custom","mode":"All","description":"reproing - incident 85944710\nhttps://icm.ad.msft.net/imp/v3/incidents/details/85944710/home\n","metadata":{"category":"akhe"},"parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"},{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","notIn":"[parameters(''listOfAllowedLocations'')]"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af12870bd","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af12870bd"},{"properties":{"displayName":"akhe-incident-86226837-v2","policyType":"Custom","mode":"All","description":"second - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0e0d567a-6089-46fc-b12c-ca5af1287abe","type":"Microsoft.Authorization/policyDefinitions","name":"0e0d567a-6089-46fc-b12c-ca5af1287abe"},{"properties":{"displayName":"testSandipsh - metric alert policy","policyType":"Custom","mode":"All","description":"test","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/123c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"123c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"jilim-incident-86226837-fix","policyType":"Custom","mode":"all","description":"1 - - reproing the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallRules"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","equals":"0.0.0.0"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","equals":"0.0.0.0"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/15358dd8-671e-4c96-be33-2b668791418f","type":"Microsoft.Authorization/policyDefinitions","name":"15358dd8-671e-4c96-be33-2b668791418f"},{"properties":{"displayName":"Attempt - service bus","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Insights/logProfiles"},{"anyOf":[{"field":"Microsoft.Insights/logProfiles/serviceBusRuleId","exists":"false"}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/163c640e-681c-445f-92ba-cd434bd8c11c","type":"Microsoft.Authorization/policyDefinitions","name":"163c640e-681c-445f-92ba-cd434bd8c11c"},{"properties":{"displayName":"jilim - exists2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.zyx","exists":"false"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17d43473-870f-4bc8-93c6-3961fa1d91cc","type":"Microsoft.Authorization/policyDefinitions","name":"17d43473-870f-4bc8-93c6-3961fa1d91cc"},{"properties":{"displayName":"inherit - all tags","policyType":"Custom","mode":"All","metadata":{"category":"tags"},"parameters":{},"policyRule":{"if":{"field":"tags","exists":"false"},"then":{"effect":"append","details":[{"field":"tags","value":"[resourceGroup().tags]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e3c9312-c011-40a3-ac40-3bf3ddc24120","type":"Microsoft.Authorization/policyDefinitions","name":"1e3c9312-c011-40a3-ac40-3bf3ddc24120"},{"properties":{"displayName":"Allowed - resource group locations","policyType":"Custom","mode":"All","description":"Allowed - resource group locations","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f20036f-28c3-48f3-9266-05d50fe391f4","type":"Microsoft.Authorization/policyDefinitions","name":"1f20036f-28c3-48f3-9266-05d50fe391f4"},{"properties":{"displayName":"docdb_aliases_test","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/isVirtualNetworkFilterEnabled","equals":"false"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f5360b7-fe59-43f7-8af5-825df420d09c","type":"Microsoft.Authorization/policyDefinitions","name":"1f5360b7-fe59-43f7-8af5-825df420d09c"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs","policyType":"Custom","mode":"All","description":"Ovewrites - security rules with IP restrictions at the securityRule level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Limit to one protocol. The most inclusive should come last. I.e. 22;22-22;22-23"}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":"VirtualNetwork"}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","equals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","equals":""}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullRuleName":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"priority":{"type":"int"}},"resources":[{"name":"[parameters(''fullRuleName'')]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-02-01","properties":{"protocol":"*","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","sourcePortRange":"*","destinationPortRange":"[last(parameters(''destinationPortRanges''))]","access":"Allow","direction":"Inbound","priority":"[parameters(''priority'')]"}}]},"parameters":{"fullRuleName":{"value":"[field(''fullName'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"priority":{"value":"[field(''Microsoft.Network/networksecurityGroups/securityRules/priority'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/20c4afd0-8a77-4433-b8b0-4ad06e4c7111","type":"Microsoft.Authorization/policyDefinitions","name":"20c4afd0-8a77-4433-b8b0-4ad06e4c7111"},{"properties":{"displayName":"Deploy - NSGs on Subnets","policyType":"Custom","mode":"All","description":"Enforce - that all subnets have a Network Security Group. If a subnet does not have - one an NSG with the default Internet Exposed Endpoint restrictions will be - created and associated with it.","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string to apply to all automatically - created network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges must not overlap."}}},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks/subnets"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","exists":"false"},{"field":"Microsoft.Network/virtualNetworks/subnets/networkSecurityGroup.id","equals":""}]}]},{"allOf":[{"field":"type","equals":"Microsoft.Network/virtualNetworks"},{"anyOf":[{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","exists":"false"},{"not":{"field":"Microsoft.Network/virtualNetworks/subnets[*].networkSecurityGroup.id","notEquals":"null"}}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullResourceName":{"type":"string"},"resourceName":{"type":"string"},"location":{"type":"string"},"nsgPrefix":{"type":"string"},"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"}},"variables":{"nsgName":"[concat(parameters(''nsgPrefix''), - ''-'', parameters(''location''))]","vnetName":"[split(parameters(''fullResourceName''), - ''/'')[0]]","vnetResourceId":"[resourceId(''Microsoft.Network/virtualNetworks'', - variables(''vnetName''))]","getVnetDeploymentName":"[concat(''getVnet-'', - variables(''vnetName''))]","collectSubnetsDeploymentName":"[concat(''collectSubnets-'', - variables(''vnetName''))]","overwriteVnetDeploymentName":"[concat(''overwriteVnet-'', - variables(''vnetName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getVnetDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"vnetProperties":{"type":"object","value":"[reference(variables(''vnetResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"name":"[variables(''nsgName'')]","type":"Microsoft.Network/networkSecurityGroups","apiVersion":"2018-03-01","location":"[parameters(''location'')]","properties":{"securityRules":[{"name":"PortLockdown_ControlledPorts_Restrict","properties":{"description":"Allow - controlled port connections from specific IP ranges (either corpnet or SAW)","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"","sourceAddressPrefixes":"[parameters(''sourceAddressPrefixes'')]","destinationAddressPrefix":"*","access":"Allow","priority":3997,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_AllowVnet","properties":{"description":"Allow - controlled port connections from within the VNET","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"VirtualNetwork","destinationAddressPrefix":"*","access":"Allow","priority":3998,"direction":"Inbound"}},{"name":"PortLockdown_ControlledPorts_Deny","properties":{"description":"Deny - any controlled port connections that aren''t explicitly allowed in higher - priority rules","protocol":"*","sourcePortRange":"*","destinationPortRange":"","destinationPortRanges":"[parameters(''destinationPortRanges'')]","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":3999,"direction":"Inbound"}},{"name":"PortLockdown_AllowAll","properties":{"description":"Allow - all inbound traffic that isn''t explicitly blocked by Port Lockdown restrictions","protocol":"*","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":4000,"direction":"Inbound"}}]}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectSubnetsDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_collectSubnets_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"nsgResourceId":{"value":"[resourceid(''Microsoft.Network/networkSecurityGroups'', - variables(''nsgName''))]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}},{"dependsOn":["[variables(''nsgName'')]"],"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteVnetDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/Subnet_OverwriteWithNsg_overwriteVnet_template.json","contentVersion":"1.0.0.0"},"parameters":{"vnetProperties":{"value":"[reference(variables(''getVnetDeploymentName'')).outputs.vnetProperties.value]"},"location":{"value":"[parameters(''location'')]"},"updatedSubnets":{"value":"[reference(variables(''collectSubnetsDeploymentName'')).outputs.updatedSubnets.value]"},"vnetName":{"value":"[variables(''vnetName'')]"}}}}]},"parameters":{"fullResourceName":{"value":"[field(''fullName'')]"},"resourceName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"nsgPrefix":{"value":"[parameters(''nsgPrefix'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/210ed8bd-6b07-4d5e-a62c-c34f07293288","type":"Microsoft.Authorization/policyDefinitions","name":"210ed8bd-6b07-4d5e-a62c-c34f07293288"},{"properties":{"displayName":"Audit - existence of a tag2","policyType":"Custom","mode":"All","description":"Audits - that a required tag is present on resources","metadata":{},"parameters":{"tagName":{"type":"String","metadata":{"displayName":"Tag - Name","description":null}}},"policyRule":{"if":{"field":"tags","notcontainsKey":"[parameters(''tagName'')]"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24813039-7534-408a-9842-eb99f45721b1","type":"Microsoft.Authorization/policyDefinitions","name":"24813039-7534-408a-9842-eb99f45721b1"},{"properties":{"displayName":"camarvin - oms vm linux parameterized effect","policyType":"Custom","mode":"all","metadata":{},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log - Analytics workspace","description":"Select Log Analytics workspace from dropdown - list","strongType":"omsWorkspace"}},"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Select - Log Analytics workspace from dropdown list","strongType":"omsWorkspace"},"allowedValues":["deployIfNotExists","disabled"],"defaultValue":"deployIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"resources":[{"name":"[concat(parameters(''vmName''),''/omsPolicy'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2017-12-01","properties":{"publisher":"Microsoft.EnterpriseCloud.Monitoring","type":"OmsAgentForLinux","typeHandlerVersion":"1.4","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), - ''2015-03-20'').customerId]"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), - ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled - monitoring for Linux VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/263f13f4-6b88-4788-bead-34beedde70ce","type":"Microsoft.Authorization/policyDefinitions","name":"263f13f4-6b88-4788-bead-34beedde70ce"},{"properties":{"displayName":"akhe-incident-85944710-v2","policyType":"Custom","mode":"all","description":"2nd - attempt on this policy. ","metadata":{"category":"akhe"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","notIn":"[parameters(''allowedLocations'')]"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd60841400","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd60841400"},{"properties":{"displayName":"akhe-incident-85944710-combined","policyType":"Custom","mode":"all","description":"the - combined policy attempt for both cosmos db cases. ","metadata":{},"parameters":{"locationNames":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"anyOf":[{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/Locations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","In":"[parameters(''locationNames'')]"}}]},{"allOf":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","exists":"true"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","In":"[parameters(''locationNames'')]"}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/290b38e4-eff9-434b-b4d3-3ddd6084180f","type":"Microsoft.Authorization/policyDefinitions","name":"290b38e4-eff9-434b-b4d3-3ddd6084180f"},{"properties":{"displayName":"storage - ip rules append 2","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Storage/storageAccounts/networkAcls.ipRules","value":[{"value":"8.8.8.8","action":"Allow"}]}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2b2317a7-ab02-47b5-8159-eb7e6227709f","type":"Microsoft.Authorization/policyDefinitions","name":"2b2317a7-ab02-47b5-8159-eb7e6227709f"},{"properties":{"displayName":"[demo] - Enforce KeyVault diagnostic log storage","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"[tolower(concat(''cheggkv'', - parameters(''location'')))]"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''cheggremdemo'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/332ce4ac-9200-4573-8c66-92b85fc82c8d","type":"Microsoft.Authorization/policyDefinitions","name":"332ce4ac-9200-4573-8c66-92b85fc82c8d"},{"properties":{"displayName":"audit_cosmosdb_enableAutomaticFailover","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"field":"Microsoft.DocumentDB/databaseAccounts/enableAutomaticFailover","equals":"false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0a0","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0a0"},{"properties":{"displayName":"audit_cosmosdb_defaultConsistencyLevel","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/consistencyPolicy.defaultConsistencyLevel","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0b7","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0b7"},{"properties":{"displayName":"audit_cosmosdb_readLocations","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/readLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0bd","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0bd"},{"properties":{"displayName":"audit_cosmosdb_writeLocations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/writeLocations[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd0ce","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd0ce"},{"properties":{"displayName":"audit_cosmosdb_failoverPolicies","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"allof":[{"field":"Microsoft.DocumentDB/databaseAccounts/failoverPolicies[*].locationName","equals":"lalala"}]}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37501145-d01b-4bc8-92d0-c795a19fd160","type":"Microsoft.Authorization/policyDefinitions","name":"37501145-d01b-4bc8-92d0-c795a19fd160"},{"properties":{"displayName":"jilim - recovery services vaults test","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"vault":{"type":"String","metadata":{"displayName":"Recovery - Services Vault","description":"The Recovery Services Vault.","strongType":"Microsoft.RecoveryServices/vaults"}},"vaults":{"type":"Array","metadata":{"displayName":"Recovery - Services Vaults","description":"The list of Recovery Services Vaults.","strongType":"Microsoft.RecoveryServices/vaults"}}},"policyRule":{"if":{"allOf":[{"field":"location","equals":"[parameters(''vault'')]"},{"field":"location","in":"[parameters(''vaults'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3b2c1b0f-63c5-4943-8578-6d37fbe411bb","type":"Microsoft.Authorization/policyDefinitions","name":"3b2c1b0f-63c5-4943-8578-6d37fbe411bb"},{"properties":{"displayName":"Name - should have prefix and suffix","policyType":"Custom","description":"Name should - have prefix and suffix","parameters":{"prefix":{"type":"String","metadata":{"displayName":"The - prefix","description":"The name prefix"},"allowedValues":[]},"suffix":{"type":"String","metadata":{"displayName":"The - suffix","description":"The name suffix."},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"name","like":"[concat(parameters(''prefix''), - ''*'', parameters(''suffix''))]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e275e2e-a157-4ade-8f91-43b3ea370007","type":"Microsoft.Authorization/policyDefinitions","name":"3e275e2e-a157-4ade-8f91-43b3ea370007"},{"properties":{"displayName":"Restrict - VM skus","policyType":"Custom","mode":"All","description":"Restricts allowed - VM skus to a predefined regex","parameters":{"allowedSkuTemplate":{"type":"String","metadata":{"displayName":"Allowed - VM sku template","description":"The VM sku template. Supports wildcards via - ''*''"}}},"policyRule":{"if":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/sku.name","like":"[parameters(''allowedSkuTemplate'')]"},{"field":"type","equals":"Microsoft.Compute/virtualMachines"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e34c8","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e34c8"},{"properties":{"displayName":"Audit - storage account SKU","policyType":"Custom","mode":"All","description":"Audits - the use of storage account SKUs that don''t meet organizational cost policy.","parameters":{"listOfAllowedSkus":{"type":"Array","metadata":{"displayName":"List - of allowed SKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSkus'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3e3807c1-65c9-49e0-a406-82d8ae3e3682","type":"Microsoft.Authorization/policyDefinitions","name":"3e3807c1-65c9-49e0-a406-82d8ae3e3682"},{"properties":{"displayName":"RobgaDataFactoryTest1","policyType":"Custom","mode":"all","description":"RobgaDataFactoryTest","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.DataFactory/factories"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/workspaceId","equals":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/robgatestworkspace/providers/Microsoft.OperationalInsights/workspaces/robgatestworkspace"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9","type":"Microsoft.Authorization/policyDefinitions","name":"3ffb9f8c-fdaa-41b0-ad4b-b0f55e2860c9"},{"properties":{"displayName":"Enforce - autoUpgrade on VM/VMSS extensions","policyType":"Custom","mode":"All","description":"Denies - any VM or VMSS extensions that do not have autoUpgradeMinorVersion set to - true.","metadata":{},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","notEquals":"true"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","notEquals":"true"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f772","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f772"},{"properties":{"displayName":"Append - autoUpgrade to VM extensions","policyType":"Custom","mode":"All","description":"Automatically - enabled autoUpgradeMinorVersion on VM extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines/extensions"},{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachines/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f783","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f783"},{"properties":{"displayName":"Append - autoUpgrade to VM scale set extensions","policyType":"Custom","mode":"All","description":"Automatically - appends autoUpgradeMinorVersion=true to VMSS extensions","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets/extensions"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","exists":"false"}]},"then":{"effect":"append","details":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/autoUpgradeMinorVersion","value":"true"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39f7a3","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39f7a3"},{"properties":{"displayName":"MSIT - - AppService must use serverFarm","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyOf":[{"field":"Microsoft.Web/sites/serverFarmId","exists":"false"},{"field":"Microsoft.Web/sites/serverFarmId","equals":""}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc12","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc12"},{"properties":{"displayName":"MSIT - - AppService serverFarm must have capacity > 1","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/serverFarms"},{"field":"Microsoft.Web/serverFarms/sku.capacity","in":["0","1"]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/41f9e24d-1586-455f-811a-92a2ca39fc23","type":"Microsoft.Authorization/policyDefinitions","name":"41f9e24d-1586-455f-811a-92a2ca39fc23"},{"properties":{"displayName":"rohitbh: - Definition to be deleted.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/48ba81c1-0012-4796-8166-c2efb4304190","type":"Microsoft.Authorization/policyDefinitions","name":"48ba81c1-0012-4796-8166-c2efb4304190"},{"properties":{"displayName":"Do_Not_Delete","policyType":"Custom","mode":"All","description":"This - policy is used for unit tests. Please do not delete it.","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4a0425e4-97bf-4ad0-ab36-145b94083c60","type":"Microsoft.Authorization/policyDefinitions","name":"4a0425e4-97bf-4ad0-ab36-145b94083c60"},{"properties":{"displayName":"ICM - 83686598","policyType":"Custom","mode":"All","description":"deny the creation - of storage if supportsHttpsTrafficOnly is false","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c03a3e3-e038-4a55-a6a6-abf8e7bb9175","type":"Microsoft.Authorization/policyDefinitions","name":"4c03a3e3-e038-4a55-a6a6-abf8e7bb9175"},{"properties":{"displayName":"detect - ''allow All'' NSG rule","policyType":"Custom","mode":"All","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4c915617-16f0-4c62-b021-e66d5409d11d","type":"Microsoft.Authorization/policyDefinitions","name":"4c915617-16f0-4c62-b021-e66d5409d11d"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers without role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"rohitbh"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332195","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332195"},{"properties":{"displayName":"rohitbh: - Deploy Auditing on SQL servers with role definitions","policyType":"Custom","mode":"indexed","description":"This - policy ensures that Auditing is enabled on SQL Servers for enhanced security - and compliance. It will automatically create a storage account in the same - region as the SQL server to store audit records.","metadata":{"category":"Test"},"parameters":{"retentionDays":{"type":"String","metadata":{"displayName":"Retention - days (optional, 180 days if unspecified)","description":"The value in days - of the retention period (0 indicates unlimited retention)"},"defaultValue":"180"},"storageAccountsResourceGroup":{"type":"String","metadata":{"displayName":"Resource - group name for storage accounts","description":"Auditing writes database events - to an audit log in your Azure Storage account (a storage account will be created - in each region where a SQL Server is created that will be shared by all servers - in that region). Important - for proper operation of Auditing do not delete - or rename the resource group or the storage accounts.","strongType":"existingResourceGroups"}}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/auditingSettings","name":"Default","existenceCondition":{"field":"Microsoft.Sql/auditingSettings.state","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3","/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"serverName":{"type":"string"},"auditRetentionDays":{"type":"string"},"storageAccountsResourceGroup":{"type":"string"},"location":{"type":"string"}},"variables":{"retentionDays":"[int(parameters(''auditRetentionDays''))]","subscriptionId":"[subscription().subscriptionId]","uniqueStorage":"[uniqueString(variables(''subscriptionId''), - parameters(''location''), parameters(''storageAccountsResourceGroup''))]","locationCode":"[substring(parameters(''location''), - 0, 3)]","storageName":"[tolower(concat(''sqlaudit'', variables(''locationCode''), - variables(''uniqueStorage'')))]","createStorageAccountDeploymentName":"[concat(''sqlServerAuditingStorageAccount-'', - uniqueString(variables(''locationCode''), parameters(''serverName'')))]"},"resources":[{"apiVersion":"2017-05-10","name":"[variables(''createStorageAccountDeploymentName'')]","type":"Microsoft.Resources/deployments","resourceGroup":"[parameters(''storageAccountsResourceGroup'')]","properties":{"mode":"Incremental","parameters":{"location":{"value":"[parameters(''location'')]"},"storageName":{"value":"[variables(''storageName'')]"}},"templateLink":{"uri":"https://raw.githubusercontent.com/Azure/azure-policy/master/samples/SQL/deploy-sql-server-auditing/createStorage.template.json","contentVersion":"1.0.0.0"}}},{"name":"[concat(parameters(''serverName''), - ''/Default'')]","type":"Microsoft.Sql/servers/auditingSettings","apiVersion":"2017-03-01-preview","properties":{"state":"Enabled","storageEndpoint":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountEndPoint.value]","storageAccountAccessKey":"[reference(variables(''createStorageAccountDeploymentName'')).outputs.storageAccountKey.value]","retentionDays":"[variables(''retentionDays'')]","auditActionsAndGroups":null,"storageAccountSubscriptionId":"[subscription().subscriptionId]","isStorageSecondaryKeyInUse":false}}]},"parameters":{"serverName":{"value":"[field(''name'')]"},"auditRetentionDays":{"value":"[parameters(''retentionDays'')]"},"storageAccountsResourceGroup":{"value":"[parameters(''storageAccountsResourceGroup'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf332199","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf332199"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks without role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf33219f","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf33219f"},{"properties":{"displayName":"rohitbh: - Audit VMs that do not use managed disks with role definitions","policyType":"Custom","mode":"all","description":"This - policy audits VMs that do not use managed disks","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"anyOf":[{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/virtualMachines/osDisk.uri","exists":"True"}]},{"allOf":[{"field":"type","equals":"Microsoft.Compute/VirtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/VirtualMachineScaleSets/osDisk.vhdContainers","exists":"True"},{"field":"Microsoft.Compute/VirtualMachineScaleSets/osdisk.imageUrl","exists":"True"}]}]}]},"then":{"effect":"audit","details":{"type":"Microsoft.Sql/servers/auditingSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/056cd41c-7e88-42e1-933e-88ba6a50c9c3"]}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3","type":"Microsoft.Authorization/policyDefinitions","name":"4cf9b9fd-45d3-4126-8ba7-cc9adf3321a3"},{"properties":{"displayName":"Ensure - auto-created NSG rules exist","policyType":"Custom","mode":"All","description":"Ensures - that security rules created in auto-created PortLockdown NSGs are not tampered - with","metadata":{"category":"Port Lockdown"},"parameters":{"nsgPrefix":{"type":"String","metadata":{"displayName":"NSG - name prefix","description":"The prefix string applied to automatically created - network security groups."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"Expected - IP restriction prefixes","description":"The IP ranges incoming traffic will - be restricted to in the expected security rule. I.e. 192.4.0.0/8;192.5.0.0/8 - or *"}},"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Expected - destination port ranges","description":"Destination port ranges requiring - IP restrictions in the expected security rule"}},"priority":{"type":"String","metadata":{"displayName":"Expected - priority","description":"The priority of the expected security rule."}},"access":{"type":"String","metadata":{"displayName":"Expected - access","description":"The access (allow/deny) of the expected security rule."},"allowedValues":["Allow","Deny"]},"name":{"type":"String","metadata":{"displayName":"Expected - name","description":"The name of the expected security rule."}}},"policyRule":{"if":{"allOf":[{"field":"name","equals":"[concat(parameters(''nsgPrefix''), - ''-'', field(''location''))]"},{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","equals":"[parameters(''priority'')]"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","in":"[parameters(''sourceAddressPrefixes'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":"[parameters(''sourceAddressPrefixes'')]"}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","in":"[parameters(''destinationPortRanges'')]"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"[parameters(''access'')]"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"sourceAddressPrefixes":{"type":"array"},"destinationPortRanges":{"type":"array"},"name":{"type":"string"},"priority":{"type":"string"},"access":{"type":"string"},"nsgName":{"type":"string"}},"variables":{"isSinglePrefix":"[equals(count(parameters(''sourceAddressPrefixes'')), - 1)]","isSinglePortRange":"[equals(count(parameters(''destinationPortRanges'')), - 1)]"},"resources":[{"name":"[concat(parameters(''nsgName''), ''/'', parameters(''name''))]","type":"Microsoft.Network/networkSecurityGroups/securityRules","apiVersion":"2018-03-01","properties":{"description":"Rule - auto-created by Internet Exposed Endpoints protection","protocol":"*","sourcePortRange":"*","destinationPortRange":"[if(variables(''isSinglePortRange''), - first(parameters(''destinationPortRanges'')), '''')]","destinationPortRanges":"[if(not(variables(''isSinglePortRange'')), - parameters(''destinationPortRanges''), json(''[]''))]","sourceAddressPrefix":"[if(variables(''isSinglePrefix''), - first(parameters(''sourceAddressPrefixes'')), '''')]","sourceAddressPrefixes":"[if(not(variables(''isSinglePrefix'')), - parameters(''sourceAddressPrefixes''), json(''[]''))]","destinationAddressPrefix":"*","access":"[parameters(''access'')]","priority":"[int(parameters(''priority''))]","direction":"Inbound"}}]},"parameters":{"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"name":{"value":"[parameters(''name'')]"},"priority":{"value":"[parameters(''priority'')]"},"access":{"value":"[parameters(''access'')]"},"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f283ec4-25a9-46df-bbf2-806ed5a3e115","type":"Microsoft.Authorization/policyDefinitions","name":"4f283ec4-25a9-46df-bbf2-806ed5a3e115"},{"properties":{"displayName":"rohitbh: - Deploy key vault KV_B if key vault KV_A does not exist.","policyType":"Custom","mode":"indexed","description":"This - policy will deploy a key vault named KV_B if a key vault named KV_A does not - exist.","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.KeyVault/vaults","existenceCondition":{"field":"name","equals":"KV_B"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[{"apiVersion":"2016-10-01","name":"KV_A","type":"Microsoft.KeyVault/vaults","location":"eastus2","properties":{"tenantId":"72f988bf-86f1-41af-91ab-2d7cd011db47","sku":{"family":"A","name":"standard"},"accessPolicies":[]}}]}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/50e2972e-143c-4edf-9ef6-bee0f84212d6","type":"Microsoft.Authorization/policyDefinitions","name":"50e2972e-143c-4edf-9ef6-bee0f84212d6"},{"properties":{"displayName":"GokmenhAuditLocation","policyType":"Custom","mode":"all","description":"Audit - if not west us","metadata":{},"parameters":{},"policyRule":{"if":{"not":{"field":"location","in":["eastus"]}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5948d091-78b7-4d3b-a404-cc6a0329b0c6","type":"Microsoft.Authorization/policyDefinitions","name":"5948d091-78b7-4d3b-a404-cc6a0329b0c6"},{"properties":{"displayName":"deployifnotexist - template alias tests - redis","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Cache/Redis"},{"field":"Microsoft.Cache/Redis/sku.family","equals":"C"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Resources/links","existenceCondition":{"field":"name","like":"Whatever*"},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"skuFamily":{"type":"string"},"enableNonSslPort":{"type":"string"},"nameField":{"type":"string"}},"resources":[],"outputs":{"skuFamilyOut":{"value":"[parameters(''skuFamily'')]","type":"string"},"enableNonSslPortOut":{"value":"[parameters(''enableNonSslPort'')]","type":"string"},"nameFieldOut":{"value":"[parameters(''nameField'')]","type":"string"}}},"parameters":{"skuFamily":{"value":"[field(''Microsoft.Cache/Redis/sku.family'')]"},"enableNonSslPort":{"value":"[field(''Microsoft.Cache/Redis/enableNonSslPort'')]"},"nameField":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8","type":"Microsoft.Authorization/policyDefinitions","name":"5a8a68e8-ae1c-420a-9639-a94ebeb3c0c8"},{"properties":{"displayName":"akhe-incident-86226837","policyType":"Custom","mode":"All","description":"reproing - the incident: https://icm.ad.msft.net/imp/v3/incidents/details/86226837/home","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers"},{"field":"Microsoft.Sql/servers/firewallRules/startIpAddress","exists":"false"},{"field":"Microsoft.Sql/servers/firewallRules/endIpAddress","exists":" - false"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca376","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca376"},{"properties":{"displayName":"akhe-incident-86318519","policyType":"Custom","mode":"all","description":"reproing - incident 86318519","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/firewallrules"},{"field":"name","equals":"AllowAllWindowsAzureIps"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca600","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca600"},{"properties":{"displayName":"akhe-incident-86230190","policyType":"Custom","mode":"All","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","exists":"true"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","notIn":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5b02be71-b0a4-4942-a376-9dc88d9ca8d6","type":"Microsoft.Authorization/policyDefinitions","name":"5b02be71-b0a4-4942-a376-9dc88d9ca8d6"},{"properties":{"displayName":"Test - storage alias","policyType":"Custom","mode":"all","description":"Test storage - alias","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Storage/storageAccounts"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/policyAssignments","name":"DoesNotExist101","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"httpsOnly":{"type":"string"},"encrypt":{"type":"string"},"accessTier":{"type":"string"},"skuName":{"type":"string"}},"resources":[],"outputs":{"skuNameOut":{"type":"string","value":"[parameters(''skuName'')]"},"accessTierOut":{"type":"string","value":"[parameters(''accessTier'')]"},"httpsOnlyOut":{"type":"String","value":"[parameters(''httpsOnly'')]"},"encryptOut":{"type":"String","value":"[parameters(''encrypt'')]"}}},"parameters":{"httpsOnly":{"value":"[field(''Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly'')]"},"encrypt":{"value":"[field(''Microsoft.Storage/storageAccounts/enableBlobEncryption'')]"},"accessTier":{"value":"[field(''Microsoft.Storage/storageAccounts/accessTier'')]"},"skuName":{"value":"[field(''Microsoft.Storage/storageAccounts/sku.name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5fa69139-9a49-464e-90b5-0d243a469138","type":"Microsoft.Authorization/policyDefinitions","name":"5fa69139-9a49-464e-90b5-0d243a469138"},{"properties":{"displayName":"testSandipsh - metric alert policy1","policyType":"Custom","mode":"All","metadata":{"category":"testSandipsh"},"parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":null}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"],"defaultValue":"3"},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"],"defaultValue":"true"},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"Metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - metric operator."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"The - timeAggregation."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"The window size."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"The evaluation frequency."}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - action group id."}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","like":"[concat(parameters(''alertNamePrefix''), - ''*'')]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(toLower(parameters(''alertNamePrefix'')), - uniqueString(resourceGroup().id))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6f2c6354-fc96-4f54-984e-8d49d06a80a3","type":"Microsoft.Authorization/policyDefinitions","name":"6f2c6354-fc96-4f54-984e-8d49d06a80a3"},{"properties":{"displayName":"testImageId","policyType":"Custom","mode":"All","metadata":{"category":"css"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"field":"Microsoft.Compute/imageId","contains":"resourceGroups/testSandipsh"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/70dc1e8d-61c9-4089-8bf5-895b227c1298","type":"Microsoft.Authorization/policyDefinitions","name":"70dc1e8d-61c9-4089-8bf5-895b227c1298"},{"properties":{"displayName":"Policy - tracked resources SDK tests","policyType":"Custom","mode":"all","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"field":"name","equals":"policyTrackedResources-sdk-tests"}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"field":"name","notIn":["policyTrackedResources-sdk-tests-rule1","policyTrackedResources-sdk-tests-rule2"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule1'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2000,"direction":"Outbound"}},{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/policyTrackedResources-sdk-tests-rule2'')]","properties":{"description":"Test - Rule","protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Allow","priority":2001,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/71289c53-22e7-4f31-a6dd-780b532380c2","type":"Microsoft.Authorization/policyDefinitions","name":"71289c53-22e7-4f31-a6dd-780b532380c2"},{"properties":{"displayName":"Deny - if blob is not encrypted","policyType":"Custom","mode":"All","parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/enableBlobEncryption","equals":"True"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/74d5cf40-7293-46a4-a285-7ea971e3719a","type":"Microsoft.Authorization/policyDefinitions","name":"74d5cf40-7293-46a4-a285-7ea971e3719a"},{"properties":{"displayName":"[cstack] - Location restriction","policyType":"Custom","mode":"All","description":"Policy - to force allocations to a set of given locations","metadata":{"category":"cstack"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/763dcd1d-a4a9-46a8-8bd3-357c4533a335","type":"Microsoft.Authorization/policyDefinitions","name":"763dcd1d-a4a9-46a8-8bd3-357c4533a335"},{"properties":{"displayName":"ICM - 83577342 deny proxy resource location","policyType":"Custom","mode":"All","description":"https://icm.ad.msft.net/imp/v3/incidents/details/83577342/home","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"location","notEquals":"eastus"},{"field":"type","equals":"Microsoft.StreamAnalytics/streamingjobs/transformations"}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/77429b44-aac1-4417-a53e-6900c07e11ac","type":"Microsoft.Authorization/policyDefinitions","name":"77429b44-aac1-4417-a53e-6900c07e11ac"},{"properties":{"displayName":"akhe-incident-86230190-v2","policyType":"Custom","mode":"all","description":"reproing - incident 86230190, https://icm.ad.msft.net/imp/v3/incidents/details/86230190/home\n\nAudits - if a resource doesn''t have a lock v2","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["ReadOnly","CanNotDelete"]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83daa8ee-7c9a-470c-81a8-5a99ac09d134","type":"Microsoft.Authorization/policyDefinitions","name":"83daa8ee-7c9a-470c-81a8-5a99ac09d134"},{"properties":{"displayName":"Parameterized - effect (if location != eastus)","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"The - policy effect."}}},"policyRule":{"if":{"not":{"field":"location","equals":"eastus"}},"then":{"effect":"[parameters(''effect'')]"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/885f1dcb-a9c5-4c8c-8996-2702db44a2d2","type":"Microsoft.Authorization/policyDefinitions","name":"885f1dcb-a9c5-4c8c-8996-2702db44a2d2"},{"properties":{"displayName":"jilim - exists","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"not":{"field":"tags.xyz","exists":false}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8959fd87-c1dd-4831-9034-a4f876bee1cc","type":"Microsoft.Authorization/policyDefinitions","name":"8959fd87-c1dd-4831-9034-a4f876bee1cc"},{"properties":{"displayName":"audit_cosmosdb_ipRangeFilter","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.DocumentDB/databaseAccounts"},{"not":{"field":"Microsoft.DocumentDB/databaseAccounts/ipRangeFilter","equals":"lalala"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9012b1cd-b045-46c6-a510-6137e06a009c","type":"Microsoft.Authorization/policyDefinitions","name":"9012b1cd-b045-46c6-a510-6137e06a009c"},{"properties":{"displayName":"chegg: - Remediation powershell test policy","policyType":"Custom","mode":"indexed","description":"This - policy is used in policyinsights powershell testing","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"location":{"type":"string"}},"resources":[],"outputs":{"location":{"type":"string","value":"[parameters(''location'')]"}}},"parameters":{"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9934be7a-0e18-454d-a738-a1d9bcb0c202","type":"Microsoft.Authorization/policyDefinitions","name":"9934be7a-0e18-454d-a738-a1d9bcb0c202"},{"properties":{"displayName":"akhe - - Subscription Lvl test","policyType":"Custom","mode":"All","description":"Subscriptionlevel - auditIfNotExist policy","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"source":"action","equals":"Microsoft.Resources/subscriptions/write"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1b067c8-2970-4c0b-b0da-31ae7f33d1de","type":"Microsoft.Authorization/policyDefinitions","name":"a1b067c8-2970-4c0b-b0da-31ae7f33d1de"},{"properties":{"displayName":"[cstack] - Noop","policyType":"Custom","mode":"All","description":"Don''t do anything","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","in":["yabba","dabba","doo"]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a309ad64-0bae-48d9-a6b1-d99c0b4218b6","type":"Microsoft.Authorization/policyDefinitions","name":"a309ad64-0bae-48d9-a6b1-d99c0b4218b6"},{"properties":{"displayName":"HTTPS - For Web Apps","policyType":"Custom","mode":"all","description":"CSS","metadata":{"category":"WebApps"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Web/sites"},{"anyof":[{"not":{"field":"Microsoft.Web/sites/httpsOnly","exists":"true"}},{"field":"Microsoft.Web/sites/httpsOnly","equals":"false"}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a337c781-c7d8-4e12-ae69-1951c7e74378","type":"Microsoft.Authorization/policyDefinitions","name":"a337c781-c7d8-4e12-ae69-1951c7e74378"},{"properties":{"displayName":"Ensure - https traffic only for storage account","policyType":"Custom","mode":"all","description":"Ensure - https traffic only for storage account","metadata":{},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/supportsHttpsTrafficOnly","equals":"true"}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a5f66345-5fb9-4dfd-864a-e3464ee6c0c4","type":"Microsoft.Authorization/policyDefinitions","name":"a5f66345-5fb9-4dfd-864a-e3464ee6c0c4"},{"properties":{"displayName":"add - subscription name tag","policyType":"Custom","mode":"All","description":"add - subscription name tag","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionname","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionname","value":"[subscription().displayName]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d82a2","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d82a2"},{"properties":{"displayName":"Add - subscription \"id\" tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.id","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.id","value":"[subscription().id]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8339","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8339"},{"properties":{"displayName":"add - subscriptionId tag","policyType":"Custom","mode":"All","metadata":{"category":"camarvin"},"parameters":{},"policyRule":{"if":{"field":"tags.subscriptionId","exists":"false"},"then":{"effect":"append","details":[{"field":"tags.subscriptionId","value":"[subscription().subscriptionId]"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a752f8cb-6498-4e40-8431-b658ca4d8635","type":"Microsoft.Authorization/policyDefinitions","name":"a752f8cb-6498-4e40-8431-b658ca4d8635"},{"properties":{"displayName":"Allowed - Location Indexed","policyType":"Custom","mode":"Indexed","description":"hackathon - policy","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Allowed-Locations-Indexed","type":"Microsoft.Authorization/policyDefinitions","name":"Allowed-Locations-Indexed"},{"properties":{"displayName":"Audit - if antiMalware extension does not exist","policyType":"Custom","description":"This - policy audits if the anti malware extension .","policyRule":{"if":{"field":"type","equals":"Microsoft.Compute/virtualMachines"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Security"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"IaaSAntimalware"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/antiMalwareExtensionExists","type":"Microsoft.Authorization/policyDefinitions","name":"antiMalwareExtensionExists"},{"properties":{"displayName":"Web - socket must be disabled on App Services","policyType":"Custom","description":"Ensures - web sockets are disabled on App Services.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/AppServiceWebSockets","type":"Microsoft.Authorization/policyDefinitions","name":"AppServiceWebSockets"},{"properties":{"displayName":"Azure - Security Center must be enabled","policyType":"Custom","description":"Ensures - Azure Security Center is enabled.","policyRule":{"if":{"field":"location","equals":"foo"},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ASCEnabled","type":"Microsoft.Authorization/policyDefinitions","name":"ASCEnabled"},{"properties":{"displayName":"Audit - a tag and it''s value","policyType":"Custom","description":"Audits if a tag - and it''s value doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and it''s value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and it''s value"},{"properties":{"displayName":"Audit a tag and it''s - value","policyType":"Custom","description":"Audits if a tag and it''s value - doesn''t exist for a given resource","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/Audit - a tag and its value","type":"Microsoft.Authorization/policyDefinitions","name":"Audit - a tag and its value"},{"properties":{"displayName":"Audit if extension does - not exist","policyType":"Custom","mode":"All","description":"This policy audits - if a required extension doesn''t exist.","parameters":{"publisher":{"type":"String","metadata":{"description":"The - publisher of the extension","displayName":"Extension Publisher"}},"type":{"type":"String","metadata":{"description":"The - type of the extension","displayName":"Extension Type"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"[parameters(''publisher'')]"},{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"[parameters(''type'')]"}]}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/audit-vm-extension","type":"Microsoft.Authorization/policyDefinitions","name":"audit-vm-extension"},{"properties":{"displayName":"CanCrudPolicyAssignment - Policy Definition $[Auto Test]","policyType":"Custom","policyRule":{"if":{"source":"action","equals":"ResourceProviderTestHost/TestResourceType/TestResourceTypeNestedOne/write"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azsmnet6487","type":"Microsoft.Authorization/policyDefinitions","name":"azsmnet6487"},{"properties":{"displayName":"makharchtest","policyType":"Custom","mode":"All","description":"policy","metadata":{"category":""},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b36f6195-0fc5-4a41-bbce-875248400f5f","type":"Microsoft.Authorization/policyDefinitions","name":"b36f6195-0fc5-4a41-bbce-875248400f5f"},{"properties":{"displayName":"NSG - Rules exists test","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"allof":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].protocol","notLike":"*"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/bb6a78ae-8737-41e0-9c41-cc777c8c00a0","type":"Microsoft.Authorization/policyDefinitions","name":"bb6a78ae-8737-41e0-9c41-cc777c8c00a0"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources.","strongType":"location"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c0f586f1-abe5-4801-8588-7332e49e60c9","type":"Microsoft.Authorization/policyDefinitions","name":"c0f586f1-abe5-4801-8588-7332e49e60c9"},{"properties":{"displayName":"akhe - resource group auditIfNotExists","policyType":"Custom","mode":"All","metadata":{"category":""},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Resources/subscriptions/resourceGroups"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Authorization/locks","existenceCondition":{"field":"name","equals":"testlock"}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c7b9982d-2f50-4730-935f-5c241982a441","type":"Microsoft.Authorization/policyDefinitions","name":"c7b9982d-2f50-4730-935f-5c241982a441"},{"properties":{"displayName":"jilim - allowed resource types","policyType":"Custom","mode":"All","metadata":{"category":"Test"},"parameters":{"allowedTypes":{"type":"Array","metadata":{"displayName":"Allowed - resource types","description":"The list of allowed resource types","strongType":"resourceTypes"}}},"policyRule":{"if":{"not":{"field":"type","in":"[parameters(''allowedTypes'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c872f951-1c5d-4c61-89dd-aee2350a11ba","type":"Microsoft.Authorization/policyDefinitions","name":"c872f951-1c5d-4c61-89dd-aee2350a11ba"},{"properties":{"displayName":"Audit - location","policyType":"Custom","mode":"All","parameters":{"allowedLocations":{"type":"Array","metadata":{"displayName":"Allowed - locations","description":"The list of allowed locations for resources."}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c8b79b49-a579-4045-984e-1b249ab8b474","type":"Microsoft.Authorization/policyDefinitions","name":"c8b79b49-a579-4045-984e-1b249ab8b474"},{"properties":{"displayName":"camarvin - empty string","policyType":"Custom","mode":"all","description":"Ensure resource - names meet the like condition for a pattern.","metadata":{},"parameters":{"namePattern":{"type":"String","metadata":{"displayName":"namePattern","description":"Pattern - to use for names. Can include wildcard (*)."},"allowedValues":["","one","two"],"defaultValue":""}},"policyRule":{"if":{"not":{"field":"name","equals":"[parameters(''namePattern'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/camarvin-test-empty-assign","type":"Microsoft.Authorization/policyDefinitions","name":"camarvin-test-empty-assign"},{"properties":{"displayName":"elpere - append ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"append","details":[{"field":"tags.test","value":"1"}]}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640cf","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640cf"},{"properties":{"displayName":"elpere - deny on ''test'' tag","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"tags.test","equals":"1"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ced59ff0-9061-49dd-94de-093b33a640d7","type":"Microsoft.Authorization/policyDefinitions","name":"ced59ff0-9061-49dd-94de-093b33a640d7"},{"properties":{"displayName":"Resource - name contains resource group name","policyType":"Custom","mode":"Indexed","description":"Require - resources to contain the resource group''s name","policyRule":{"if":{"field":"name","notContains":"[resourceGroup().name]"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/contain-resource-group-name","type":"Microsoft.Authorization/policyDefinitions","name":"contain-resource-group-name"},{"properties":{"displayName":"akhe-incident-86226837-v3","policyType":"Custom","mode":"all","description":"third - attempt to repro this incident. ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers"},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Sql/servers/firewallRules"}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5002","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5002"},{"properties":{"displayName":"akhe-incident-86230190-deployIfNotExists","policyType":"Custom","mode":"all","description":"deploys - a delete lock for a resource ","metadata":{"category":"akhe"},"parameters":{},"policyRule":{"if":{"not":{"field":"type","equals":"Microsoft.Authorization/locks"}},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Authorization/locks","roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/8e3af657-a8ff-443c-a75c-2fe8c4bcb635"],"existenceCondition":{"field":"Microsoft.Authorization/locks/level","in":["CanNotDelete"]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{},"variables":{},"resources":[{"type":"Microsoft.Authorization/locks","apiVersion":"2015-01-01","name":"DeleteLock","properties":{"level":"CanNotDelete","notes":"prevent - deletion"}}],"outputs":{}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d03e03ca-6424-4e28-8842-5796dc0b5632","type":"Microsoft.Authorization/policyDefinitions","name":"d03e03ca-6424-4e28-8842-5796dc0b5632"},{"properties":{"displayName":"Enforce - KeyVault diagnostic log storage (elpere)","policyType":"Custom","mode":"all","description":"Ensures - that AuditEvents are collected from all Key Vaults in the subscription and - stored in a specific storage account for 30 days.","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"true"},"roleDefinitionIds":["/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/749f88d5-cbae-40b8-bcfc-e573ddc772fa","/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/17d1049b-9a84-46fb-8f53-869881c3d3ab"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","variables":{"storageName":"elperetest"},"resources":[{"type":"Microsoft.KeyVault/vaults/providers/diagnosticSettings","name":"[concat(parameters(''vaultName''),''/Microsoft.Insights/setbypolicy'')]","apiVersion":"2017-05-01-preview","location":"[parameters(''location'')]","properties":{"storageAccountId":"[resourceid(''elpere'', - ''Microsoft.Storage/storageAccounts'', variables(''storageName''))]","logs":[{"category":"AuditEvent","enabled":true,"retentionPolicy":{"enabled":true,"days":30}}]}}],"parameters":{"vaultName":{"type":"string"},"location":{"type":"string"}}},"parameters":{"vaultName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d0d9349d-843c-443a-9f27-5ce84f08c37e","type":"Microsoft.Authorization/policyDefinitions","name":"d0d9349d-843c-443a-9f27-5ce84f08c37e"},{"properties":{"displayName":"elpere - deny test","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Test"},"parameters":{},"policyRule":{"if":{"field":"name","equals":"elpereKv"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5","type":"Microsoft.Authorization/policyDefinitions","name":"d1c0e77c-53b4-4c4d-a1f5-c535a370b0c5"},{"properties":{"displayName":"Access - KV as part of remidiation deployment test (elpere)","policyType":"Custom","mode":"all","description":"","metadata":{"category":"Key - Vault"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.KeyVault/vaults"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Insights/diagnosticSettings","existenceCondition":{"field":"Microsoft.Insights/diagnosticSettings/logs.enabled","equals":"hello"},"deployment":{"properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json","contentVersion":"1.0.0.0","resources":[],"parameters":{"testSecret":{"type":"string"}},"outputs":{"testSecretOutput":{"type":"string","value":"[parameters(''testSecret'')]"}}},"parameters":{"testSecret":{"reference":{"keyVault":{"id":"/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/elpere/providers/Microsoft.KeyVault/vaults/elpereKv"},"secretName":"test"}}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d35ce9be-f51b-4d3e-bc7f-dde2936381b0","type":"Microsoft.Authorization/policyDefinitions","name":"d35ce9be-f51b-4d3e-bc7f-dde2936381b0"},{"properties":{"displayName":"Deploy - security rule with restricted source IPs (NSG level)","policyType":"Custom","mode":"All","description":"Overwrites - security rules with IP restrictions at the NSG level","metadata":{"category":"Port - Lockdown"},"parameters":{"destinationPortRanges":{"type":"Array","metadata":{"displayName":"Destination - port ranges","description":"Destination port ranges requiring IP restrictions. - Ranges may overlap."}},"sourceAddressPrefixes":{"type":"Array","metadata":{"displayName":"IP - restriction prefixes","description":"The IP ranges incoming traffic will be - restricted to. I.e. 192.4.0.0/8;192.5.0.0/8"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},{"anyOf":[{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange","notIn":"[parameters(''destinationPortRanges'')]"}},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","existenceCondition":{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in":"[parameters(''destinationPortRanges'')]"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notIn":"[parameters(''destinationPortRanges'')]"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","exists":"true"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notLike":"*"}},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}]},{"allOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","exists":"true"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notEquals":""},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","notIn":["*","Internet"]}]}]}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"},"location":{"type":"string"},"destinationPortRanges":{"type":"array"},"sourceAddressPrefixes":{"type":"array"}},"variables":{"getNsgDeploymentName":"[concat(''getNSGContent-'', - parameters(''nsgName''))]","collectorDeploymentName":"[concat(''collectRules-'', - parameters(''nsgName''))]","overwriteNsgDeploymentName":"[concat(''overwriteNsg-'', - parameters(''nsgName''))]","nsgResourceId":"[resourceId(subscription().subscriptionId, - resourceGroup().name, ''Microsoft.Network/networkSecurityGroups'', parameters(''nsgName''))]"},"resources":[{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''getNsgDeploymentName'')]","properties":{"mode":"Incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","resources":[],"outputs":{"nsgProperties":{"type":"object","value":"[reference(variables(''nsgResourceId''), - ''2018-03-01'', ''Full'')]"}}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''collectorDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_collectRules_template.json","contentVersion":"1.0.0.0"},"parameters":{"nsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"},"portRangesToRestrict":{"value":"[parameters(''destinationPortRanges'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"}}}},{"apiVersion":"2018-02-01","type":"Microsoft.Resources/deployments","name":"[variables(''overwriteNsgDeploymentName'')]","properties":{"mode":"Incremental","templateLink":{"uri":"https://portlockdown.blob.core.windows.net/portlockdown-templates/SecurityRule_NSGLevel_overwriteNSG_template.json","contentVersion":"1.0.0.0"},"parameters":{"originalNsgProperties":{"value":"[reference(variables(''getNsgDeploymentName'')).outputs.nsgProperties.value]"},"updatedSecurityRules":{"value":"[reference(variables(''collectorDeploymentName'')).outputs.updatedSecurityRules.value]"},"nsgName":{"value":"[parameters(''nsgName'')]"},"location":{"value":"[parameters(''location'')]"}}}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"},"sourceAddressPrefixes":{"value":"[parameters(''sourceAddressPrefixes'')]"},"destinationPortRanges":{"value":"[parameters(''destinationPortRanges'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/d7b13c30-e6aa-47e1-b50a-8e33f152d086","type":"Microsoft.Authorization/policyDefinitions","name":"d7b13c30-e6aa-47e1-b50a-8e33f152d086"},{"properties":{"displayName":"Audit - storage account SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"Audited - skus","description":"The list of skus.","strongType":"storageSkus"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Storage/storageAccounts"},{"not":{"field":"Microsoft.Storage/storageAccounts/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e90ee","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e90ee"},{"properties":{"displayName":"Audit - virtual machines SKUs","policyType":"Custom","mode":"All","metadata":{"category":"Demo - 323"},"parameters":{"listOfAllowedSKUs":{"type":"Array","metadata":{"displayName":"List - Of Allowed SKUs","description":"The list of allowed locations for resources.","strongType":"vmSKUs"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"field":"Microsoft.Compute/virtualMachines/sku.name","in":"[parameters(''listOfAllowedSKUs'')]"}}]},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbe1e663-7265-4cf4-96b5-7435b21e9170","type":"Microsoft.Authorization/policyDefinitions","name":"dbe1e663-7265-4cf4-96b5-7435b21e9170"},{"properties":{"displayName":"[elpere] - deployIfNotExists Runners test","policyType":"Custom","mode":"all","metadata":{},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Network/networkSecurityGroups"},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"deployIfNotExistsTestsRule","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"nsgName":{"type":"string"}},"resources":[{"apiVersion":"2018-08-01","type":"Microsoft.Network/networkSecurityGroups/securityRules","name":"[concat(parameters(''nsgName''), - ''/deployIfNotExistsTestsRule'')]","properties":{"protocol":"Tcp","sourcePortRange":"*","destinationPortRange":"*","sourceAddressPrefix":"*","destinationAddressPrefix":"*","access":"Deny","priority":2000,"direction":"Outbound"}}]},"parameters":{"nsgName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/dbfa9fc0-5202-4001-8759-1aa2387f825b","type":"Microsoft.Authorization/policyDefinitions","name":"dbfa9fc0-5202-4001-8759-1aa2387f825b"},{"properties":{"displayName":"allowedOS","policyType":"Custom","mode":"All","metadata":{"category":"test_sandipsh"},"parameters":{"listOfAllowedWindows":{"type":"Array","metadata":{"displayName":"Allowed - Windows VMs","description":"The list of allowed VMs for Windows."}},"listOfAllowedUbuntus":{"type":"Array","metadata":{"displayName":"Allowed - Ubuntu VMs","description":"The list of allowed VMs for Ubuntu."}}},"policyRule":{"if":{"allOf":[{"field":"type","in":["Microsoft.Compute/disks","Microsoft.Compute/virtualMachines","Microsoft.Compute/VirtualMachineScaleSets"]},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["Canonical"]},{"field":"Microsoft.Compute/imageOffer","in":["UbuntuServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedUbuntus'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}},{"not":{"allOf":[{"field":"Microsoft.Compute/imagePublisher","in":["MicrosoftWindowsServer"]},{"field":"Microsoft.Compute/imageOffer","in":["WindowsServer"]},{"field":"Microsoft.Compute/imageSku","in":"[parameters(''listOfAllowedWindows'')]"},{"field":"Microsoft.Compute/imageVersion","in":["latest"]}]}}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091","type":"Microsoft.Authorization/policyDefinitions","name":"e2bdec61-8c05-4ad6-b8bf-cd1b0a87c091"},{"properties":{"displayName":"jilim - recovery services backup policies","policyType":"Custom","mode":"all","metadata":{"category":"Test"},"parameters":{"policies":{"type":"Array","metadata":{"displayName":"Allowed - Recovery Services backup policies","description":"The list of allowed Recovery - Services backup policies.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}},"policy":{"type":"String","metadata":{"displayName":"Allowed - Recovery Services backup policy","description":"Allowed Recovery Services - backup policy.","strongType":"Microsoft.RecoveryServices/vaults/backupPolicies"}}},"policyRule":{"if":{"allOf":[{"not":{"field":"location","in":"[parameters(''policies'')]"}},{"not":{"field":"location","equals":"[parameters(''policy'')]"}}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3f9a624-b17d-4dc8-9649-65814d3241bb","type":"Microsoft.Authorization/policyDefinitions","name":"e3f9a624-b17d-4dc8-9649-65814d3241bb"},{"properties":{"displayName":"defaultValue: - all parameters","policyType":"Custom","mode":"All","metadata":{"category":"defaultValue"},"parameters":{"locations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array)","description":"The list of locations for resources.","strongType":"location"},"defaultValue":["eastus","westus"]},"location":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string)","description":"The location for resources.","strongType":"location"},"defaultValue":"eastus"},"resourceGroups":{"type":"Array","metadata":{"displayName":"Strong - type (array)","description":"The list of resource groups.","strongType":"existingResourceGroups"},"defaultValue":["camarvin"]},"resourceGroup":{"type":"String","metadata":{"displayName":"Strong - type (string)","description":"The resource group.","strongType":"existingResourceGroups"},"defaultValue":"camarvin"},"tags":{"type":"Array","metadata":{"displayName":"Non - strong type (array)","description":"The list of tags."},"defaultValue":[]},"tag":{"type":"String","metadata":{"displayName":"Non - strong type (string)","description":"The tag."},"defaultValue":""},"allowedLocations":{"type":"Array","metadata":{"displayName":"Strong - type (no scope, array, av)","description":"The list of allowed locations for - resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":["eastus"]},"allowedLocation":{"type":"String","metadata":{"displayName":"Strong - type (no scope, string, av)","description":"The allowed location for resources.","strongType":"location"},"allowedValues":["eastus","westus","southus"],"defaultValue":"eastus"},"allowedStorageSKUs":{"type":"Array","metadata":{"displayName":"Strong - type (array, av)","description":"The list of allowed storage SKUs for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":["Standard_LRS","Standard_ZRS","Standard_GRS"]},"allowedStorageSKU":{"type":"String","metadata":{"displayName":"Strong - type (string, av)","description":"The allowed storage SKU for resources.","strongType":"storageSkus"},"allowedValues":["Standard_LRS","Standard_ZRS","Standard_GRS"],"defaultValue":"Standard_LRS"},"allowedTags":{"type":"Array","metadata":{"displayName":"Non - strong type (array, av)","description":"The list of allowed tags."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":["FirstName","LastName","Age"]},"allowedTag":{"type":"String","metadata":{"displayName":"Non - strong type (string, av)","description":"The allowed tag."},"allowedValues":["FirstName","LastName","Age"],"defaultValue":"FirstName"}},"policyRule":{"if":{"allOf":[{"field":"location","in":"[parameters(''locations'')]"},{"field":"location","equals":"[parameters(''location'')]"},{"field":"location","in":"[parameters(''resourceGroups'')]"},{"field":"location","equals":"[parameters(''resourceGroup'')]"},{"field":"location","in":"[parameters(''tags'')]"},{"field":"location","equals":"[parameters(''tag'')]"},{"field":"location","in":"[parameters(''allowedLocations'')]"},{"field":"location","equals":"[parameters(''allowedLocation'')]"},{"field":"location","in":"[parameters(''allowedStorageSkus'')]"},{"field":"location","Equals":"[parameters(''allowedStorageSku'')]"},{"field":"location","in":"[parameters(''allowedTags'')]"},{"field":"location","NotEquals":"[parameters(''allowedTag'')]"}]},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ea1688b3-022e-4add-af39-2fe60689a3b0","type":"Microsoft.Authorization/policyDefinitions","name":"ea1688b3-022e-4add-af39-2fe60689a3b0"},{"properties":{"displayName":"Deny - \"Allow All\" NSG rules","policyType":"Custom","mode":"All","description":"Denies - the creation of sourceAddressPrefix=\"*\", destinationPortRange=\"*\" NSG - security rules","metadata":{"category":"Port Lockdown"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Network/networkSecurityGroups/securityRules"},{"field":"name","notEquals":"PortLockdown_AllowAll"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/priority","notEquals":"4000"},{"allOf":[{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","equals":"*"},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notEquals":"*"}}]},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/access","equals":"Allow"},{"field":"Microsoft.Network/networkSecurityGroups/securityRules/direction","equals":"Inbound"},{"anyOf":[{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix","in":["*","Internet"]},{"not":{"field":"Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]","notIn":["*","Internet"]}}]}]}]},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebcd21e9-b89f-4a22-8654-dd3a4d8b9321","type":"Microsoft.Authorization/policyDefinitions","name":"ebcd21e9-b89f-4a22-8654-dd3a4d8b9321"},{"properties":{"displayName":"Audit - allowed locations","policyType":"Custom","description":"This policy enables - you to audit your location.","parameters":{"listOfAllowedLocations":{"type":"Array","metadata":{"description":"The - list of locations that can be specified when deploying resources.","strongType":"location","displayName":"Allowed - locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''listOfAllowedLocations'')]"}},"then":{"effect":"Audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/LocationAuditDefinition","type":"Microsoft.Authorization/policyDefinitions","name":"LocationAuditDefinition"},{"properties":{"policyType":"Custom","parameters":{},"policyRule":{"if":{"field":"location","equals":"northeurope"},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/policy2","type":"Microsoft.Authorization/policyDefinitions","name":"policy2"},{"properties":{"policyType":"Custom","mode":"All","description":"test - policy","parameters":{"resourceType":{"type":"String","metadata":{"displayName":"Resource - Type","description":"The target resource type."}},"alertNamePrefix":{"type":"String","metadata":{"displayName":"Alert - name prefix","description":"A prefix to be used for the metrics alert."}},"alertDescription":{"type":"String","metadata":{"displayName":"Alert - description.","description":"The description of alert."}},"alertSeverity":{"type":"String","metadata":{"displayName":"alertSeverity","description":"Severity - of alert {0,1,2,3,4}"},"allowedValues":["0","1","2","3","4"]},"isEnabled":{"type":"String","metadata":{"displayName":"isEnabled","description":"Specifies - whether the alert is enabled."},"allowedValues":["true","false"]},"metricName":{"type":"String","metadata":{"displayName":"Metric - name","description":"The metric name."}},"operator":{"type":"String","metadata":{"displayName":"Operator","description":"The - operator comparing the current value with the threshold value."}},"threshold":{"type":"String","metadata":{"displayName":"Threshold","description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"String","metadata":{"displayName":"TimeAggregation","description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"String","metadata":{"displayName":"Window - size","description":"Period of time used to monitor alert activity based on - the threshold. Must be between five minutes and one day. ISO 8601 duration - format."}},"evaluationFrequency":{"type":"String","metadata":{"displayName":"Evaluation - Frequency","description":"How often the metric alert is evaluated represented - in ISO 8601 duration format"}},"actionGroupId":{"type":"String","metadata":{"displayName":"ActionGroupId","description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}}},"policyRule":{"if":{"field":"type","equals":"[parameters(''resourceType'')]"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Insights/metricAlerts","existenceCondition":{"field":"name","equals":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', field(''name''))]"},"existenceScope":"subscription","deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"alertNamePrefix":{"type":"string","minLength":1,"metadata":{"description":"A - prefix to be used for the metrics alert."}},"alertDescription":{"type":"string","defaultValue":"This - is a metric alert","metadata":{"description":"Description of alert"}},"alertSeverity":{"type":"string","defaultValue":"3","allowedValues":["0","1","2","3","4"],"metadata":{"description":"Severity - of alert {0,1,2,3,4}"}},"isEnabled":{"type":"string","defaultValue":"true","metadata":{"description":"Specifies - whether the alert is enabled"}},"metricName":{"type":"string","minLength":1,"metadata":{"description":"Name - of the metric used in the comparison to activate the alert."}},"operator":{"type":"string","defaultValue":"GreaterThan","allowedValues":["Equals","NotEquals","GreaterThan","GreaterThanOrEqual","LessThan","LessThanOrEqual"],"metadata":{"description":"Operator - comparing the current value with the threshold value."}},"threshold":{"type":"string","defaultValue":"0","metadata":{"description":"The - threshold value at which the alert is activated."}},"timeAggregation":{"type":"string","defaultValue":"Average","allowedValues":["Average","Minimum","Maximum","Total"],"metadata":{"description":"How - the data that is collected should be combined over time."}},"windowSize":{"type":"string","defaultValue":"PT5M","metadata":{"description":"Period - of time used to monitor alert activity based on the threshold. Must be between - five minutes and one day. ISO 8601 duration format."}},"evaluationFrequency":{"type":"string","defaultValue":"PT1M","metadata":{"description":"how - often the metric alert is evaluated represented in ISO 8601 duration format"}},"actionGroupId":{"type":"string","defaultValue":"","metadata":{"description":"The - ID of the action group that is triggered when the alert is activated or deactivated"}},"resourceType":{"type":"string","metadata":{"description":"The - resource type of target resource."}},"targetResourceName":{"type":"string","metadata":{"description":"The - target resource name."}}},"variables":{"targetResourceType":"[parameters(''resourceType'')]","resourceIdentifier":"[resourceId(variables(''targetResourceType''), - parameters(''targetResourceName''))]","alertName":"[concat(parameters(''alertNamePrefix''), - ''-'', resourcegroup().name, ''-'', parameters(''targetResourceName''))]"},"resources":[{"name":"[variables(''alertName'')]","type":"Microsoft.Insights/metricAlerts","location":"global","apiVersion":"2018-03-01","tags":{},"properties":{"description":"[parameters(''alertDescription'')]","severity":"[parameters(''alertSeverity'')]","enabled":"[parameters(''isEnabled'')]","scopes":["[variables(''resourceIdentifier'')]"],"evaluationFrequency":"[parameters(''evaluationFrequency'')]","windowSize":"[parameters(''windowSize'')]","criteria":{"odata.type":"Microsoft.Azure.Monitor.SingleResourceMultipleMetricCriteria","allOf":[{"name":"1st - criterion","metricName":"[parameters(''metricName'')]","dimensions":[],"operator":"[parameters(''operator'')]","threshold":"[parameters(''threshold'')]","timeAggregation":"[parameters(''timeAggregation'')]"}]},"actions":[{"actionGroupId":"[parameters(''actionGroupId'')]"}]}}]},"parameters":{"alertNamePrefix":{"value":"[parameters(''alertNamePrefix'')]"},"alertDescription":{"value":"[parameters(''alertDescription'')]"},"alertSeverity":{"value":"[parameters(''alertSeverity'')]"},"isEnabled":{"value":"[parameters(''isEnabled'')]"},"metricName":{"value":"[parameters(''metricName'')]"},"operator":{"value":"[parameters(''operator'')]"},"threshold":{"value":"[parameters(''threshold'')]"},"timeAggregation":{"value":"[parameters(''timeAggregation'')]"},"windowSize":{"value":"[parameters(''windowSize'')]"},"evaluationFrequency":{"value":"[parameters(''evaluationFrequency'')]"},"actionGroupId":{"value":"[parameters(''actionGroupId'')]"},"resourceType":{"value":"[parameters(''resourceType'')]"},"targetResourceName":{"value":"[field(''name'')]"}}}}}}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testSandipsh.draft","type":"Microsoft.Authorization/policyDefinitions","name":"testSandipsh.draft"},{"properties":{"displayName":"testtest","policyType":"Custom","description":"testtest","parameters":{"tagName":{"type":"String","metadata":{"displayName":"The - name for the tag","description":"The name for the tag."},"allowedValues":[]},"tagValue":{"type":"String","metadata":{"displayName":"The - value for the tag","description":"The value for the tag"},"allowedValues":[]}},"policyRule":{"if":{"not":{"field":"[concat(''tags.'',parameters(''tagName''))]","equals":"[parameters(''tagValue'')]"}},"then":{"effect":"audit"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/testtest","type":"Microsoft.Authorization/policyDefinitions","name":"testtest"}]}'} - headers: - cache-control: [no-cache] - content-length: ['299217'] - content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:36 GMT'] + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","in":["Microsoft.Sql/servers/databases","Microsoft.Sql/managedinstances/databases"]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Security/complianceResults","name":"sqlVulnerabilityAssessment","existenceCondition":{"field":"Microsoft.Security/complianceResults/resourceStatus","equals":"Monitored"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc","type":"Microsoft.Authorization/policyDefinitions","name":"feedbf84-6b99-488c-acc2-71c829aa5ffc"},{"properties":{"displayName":"test_policy3ulbefgq5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy5rxcsbgyu","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy5rxcsbgyu"},{"properties":{"displayName":"test_policyvrud2j572","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy6rmvrx2ug","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy6rmvrx2ug"},{"properties":{"displayName":"test_policyeezgnn3tf","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy72fpbk6om","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy72fpbk6om"},{"properties":{"displayName":"test_policylzld56g3c","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policy75lhjp2qz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policy75lhjp2qz"},{"properties":{"displayName":"test_policy4leaozaze","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyafjaspbln","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyafjaspbln"},{"properties":{"displayName":"test_policytz5xijuco","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyaip6dvuui","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyaip6dvuui"},{"properties":{"displayName":"test_policyk2ipvteje","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policycc24wg2ai","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policycc24wg2ai"},{"properties":{"displayName":"test_policynek2j6dvx","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyebyt2or2s","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyebyt2or2s"},{"properties":{"displayName":"test_policyo57mbgttt","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyf4gvztvgz","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyf4gvztvgz"},{"properties":{"displayName":"test_policyry7ktdqpn","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyfneqctrjx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyfneqctrjx"},{"properties":{"displayName":"test_policypq5w4fcp5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhavmopeay","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhavmopeay"},{"properties":{"displayName":"test_policyzhxn622hb","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyhb6kmyq63","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyhb6kmyq63"},{"properties":{"displayName":"test_policyzbi2xb6y7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyismcbfzwf","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyismcbfzwf"},{"properties":{"displayName":"test_policyyulsilxiw","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyjp2hqpyxg","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyjp2hqpyxg"},{"properties":{"displayName":"test_policym7v6bzkep","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyl5e3igsku","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyl5e3igsku"},{"properties":{"displayName":"test_policyr5ivz4uoy","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policylw4dif6k4","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policylw4dif6k4"},{"properties":{"displayName":"test_policyp2yhkolhg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policymxx4vzibo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policymxx4vzibo"},{"properties":{"displayName":"test_policyt252aa3in","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyose3kehj3","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyose3kehj3"},{"properties":{"displayName":"test_policyg5g7wrd63","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyqcexugiyb","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyqcexugiyb"},{"properties":{"displayName":"test_policy5u5ook2zf","policyType":"Custom","description":"desc_for_test_policy_123","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrs5zxfokx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrs5zxfokx"},{"properties":{"displayName":"test_policyepxuvmnrs","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrtseayuym","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrtseayuym"},{"properties":{"displayName":"test_policyeglfwi2os","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyrzih7n7ws","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyrzih7n7ws"},{"properties":{"displayName":"test_policyeop2lxcb7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytaxuus2zo","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytaxuus2zo"},{"properties":{"displayName":"test_policymichd2ukj","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policytrkoh7vio","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policytrkoh7vio"},{"properties":{"displayName":"test_policymhqqjyizg","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyunv6j3gfp","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyunv6j3gfp"},{"properties":{"displayName":"test_policyf2qzg3ba4","policyType":"Custom","description":"desc_for_test_policy_123_new","parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","displayName":"Allowed + locations","strongType":"location"}}},"policyRule":{"if":{"not":{"in":"[parameters(''allowedLocations'')]","field":"location"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv3qavzpbx","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv3qavzpbx"},{"properties":{"displayName":"test_policy5koxubsg5","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyv53qgvql6","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyv53qgvql6"},{"properties":{"displayName":"test_policy7t2i6ysv7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyvpb2ircbl","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyvpb2ircbl"},{"properties":{"displayName":"test_policyif4bjggk7","policyType":"Custom","mode":"Indexed","description":"desc_for_test_policy_123_new","metadata":{"category":"test2"},"parameters":{"allowedLocations":{"type":"Array","metadata":{"description":"The + list of locations that can be specified when deploying resources","strongType":"location","displayName":"Allowed + locations"}}},"policyRule":{"if":{"not":{"field":"location","in":"[parameters(''allowedLocations'')]"}},"then":{"effect":"deny"}}},"id":"/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/azure-cli-test-policyyuuoin4oc","type":"Microsoft.Authorization/policyDefinitions","name":"azure-cli-test-policyyuuoin4oc"}]}'} + headers: + cache-control: [no-cache] + content-length: ['237106'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:24:51 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1018,8 +775,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2018-03-01 @@ -1030,7 +788,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:37 GMT'] + date: ['Tue, 27 Nov 2018 04:24:52 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1044,8 +802,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77?api-version=2018-03-01 @@ -1057,16 +816,18 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/053d3325-282c-4e5c-b944-24faffd30d77","type":"Microsoft.Authorization/policyDefinitions","name":"053d3325-282c-4e5c-b944-24faffd30d77"}'} headers: cache-control: [no-cache] - content-length: ['4286'] + content-length: ['4930'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:38 GMT'] + date: ['Tue, 27 Nov 2018 04:24:52 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1082,8 +843,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2018-03-01 @@ -1094,7 +856,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:38 GMT'] + date: ['Tue, 27 Nov 2018 04:24:53 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1108,8 +870,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/057ef27e-665e-4328-8ea3-04b3122bd9fb?api-version=2018-03-01 @@ -1126,7 +889,7 @@ interactions: cache-control: [no-cache] content-length: ['1410'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:38 GMT'] + date: ['Tue, 27 Nov 2018 04:24:54 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1142,8 +905,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2018-03-01 @@ -1154,7 +918,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:39 GMT'] + date: ['Tue, 27 Nov 2018 04:24:54 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1168,20 +932,21 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12?api-version=2018-03-01 response: body: {string: '{"properties":{"displayName":"Audit SQL DB Level Audit Setting","policyType":"BuiltIn","mode":"All","description":"Audit DB level audit setting for SQL databases","metadata":{"category":"SQL","deprecated":true},"parameters":{"setting":{"type":"String","metadata":{"displayName":"Audit - Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"}'} + Setting"},"allowedValues":["enabled","disabled"]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"AuditIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/auditingSettings","name":"default","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/auditingSettings.state","equals":"[parameters(''setting'')]"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"06a78e20-9358-41c9-923c-fb736d382a12"}'} headers: cache-control: [no-cache] - content-length: ['852'] + content-length: ['902'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:39 GMT'] + date: ['Tue, 27 Nov 2018 04:24:55 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1197,8 +962,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2018-03-01 @@ -1209,7 +975,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:40 GMT'] + date: ['Tue, 27 Nov 2018 04:24:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1223,8 +989,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d?api-version=2018-03-01 @@ -1236,7 +1003,7 @@ interactions: cache-control: [no-cache] content-length: ['897'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:40 GMT'] + date: ['Tue, 27 Nov 2018 04:24:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1252,8 +1019,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2018-03-01 @@ -1264,7 +1032,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:40 GMT'] + date: ['Tue, 27 Nov 2018 04:24:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1278,8 +1046,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c?api-version=2018-03-01 @@ -1291,16 +1060,18 @@ interactions: Analytics workspace","description":"Select Log Analytics workspace from dropdown list. If this workspace is outside of the scope of the assignment you must manually grant ''Log Analytics Contributor'' permissions (or similar) to the - policy assignment''s principal ID.","strongType":"omsWorkspace"}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + values: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/0868462e-646c-4fe3-9ced-a733534b6a2c","type":"Microsoft.Authorization/policyDefinitions","name":"0868462e-646c-4fe3-9ced-a733534b6a2c"}'} headers: cache-control: [no-cache] - content-length: ['4134'] + content-length: ['5553'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:40 GMT'] + date: ['Tue, 27 Nov 2018 04:24:57 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1316,8 +1087,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2018-03-01 @@ -1328,7 +1100,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:41 GMT'] + date: ['Tue, 27 Nov 2018 04:24:58 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1342,8 +1114,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/09024ccc-0c5f-475e-9457-b7c0d9ed487b?api-version=2018-03-01 @@ -1357,7 +1130,7 @@ interactions: cache-control: [no-cache] content-length: ['1054'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:41 GMT'] + date: ['Tue, 27 Nov 2018 04:24:58 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1373,8 +1146,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2018-03-01 @@ -1385,7 +1159,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:42 GMT'] + date: ['Tue, 27 Nov 2018 04:24:58 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1399,8 +1173,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d?api-version=2018-03-01 @@ -1414,7 +1189,7 @@ interactions: cache-control: [no-cache] content-length: ['1032'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:42 GMT'] + date: ['Tue, 27 Nov 2018 04:24:59 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1430,8 +1205,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2018-03-01 @@ -1442,7 +1218,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:43 GMT'] + date: ['Tue, 27 Nov 2018 04:25:00 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1456,8 +1232,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a?api-version=2018-03-01 @@ -1469,7 +1246,7 @@ interactions: cache-control: [no-cache] content-length: ['556'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:43 GMT'] + date: ['Tue, 27 Nov 2018 04:25:00 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1485,8 +1262,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2018-03-01 @@ -1497,7 +1275,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:43 GMT'] + date: ['Tue, 27 Nov 2018 04:25:00 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1511,8 +1289,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07?api-version=2018-03-01 @@ -1520,12 +1299,16 @@ interactions: body: {string: '{"properties":{"displayName":"[Preview]: Audit Dependency Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"}'} + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07","type":"Microsoft.Authorization/policyDefinitions","name":"11ac78e3-31bc-4f0c-8434-37ab963cea07"}'} headers: cache-control: [no-cache] - content-length: ['3310'] + content-length: ['5357'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:44 GMT'] + date: ['Tue, 27 Nov 2018 04:25:01 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1541,8 +1324,73 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''12f7e5d0-42a7-4630-80d8-54fb7cff9bd6'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:03 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Deploy VM extension to + audit application inside Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"Include + this rule to deploy the VM extensions for Microsoft Guest Configuration, Microsoft + Azure Managed Service Identity, and required content to audit applications + inside Windows VMs must be present.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"parameters":{"installedApplication":{"type":"String","metadata":{"displayName":"Application + name (supports wildcard)","description":"Application name. Example: ''Microsoft + SQL Server 2014 (64-bit)'' or ''Microsoft SQL Server 2014*'' to match any + application starting with ''Microsoft SQL Server 2014''."}}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"WhitelistedApplication","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"WhitelistedApplication"},"installedApplication":{"value":"[parameters(''installedApplication'')]"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"},"installedApplication":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*","configurationParameter":[{"name":"[InstalledApplication]bwhitelistedapp;Name","value":"[Parameters(''installedApplication'')]"}]}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), + ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/12f7e5d0-42a7-4630-80d8-54fb7cff9bd6","type":"Microsoft.Authorization/policyDefinitions","name":"12f7e5d0-42a7-4630-80d8-54fb7cff9bd6"}'} + headers: + cache-control: [no-cache] + content-length: ['3612'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:02 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2018-03-01 @@ -1553,7 +1401,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:44 GMT'] + date: ['Tue, 27 Nov 2018 04:25:03 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1567,8 +1415,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df?api-version=2018-03-01 @@ -1579,14 +1428,14 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password must be used before the user can change it.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/16390df4-2f73-4b42-af13-c801066763df","type":"Microsoft.Authorization/policyDefinitions","name":"16390df4-2f73-4b42-af13-c801066763df"}'} headers: cache-control: [no-cache] - content-length: ['3109'] + content-length: ['3162'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:44 GMT'] + date: ['Tue, 27 Nov 2018 04:25:03 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1602,8 +1451,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2018-03-01 @@ -1614,7 +1464,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:45 GMT'] + date: ['Tue, 27 Nov 2018 04:25:05 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1628,8 +1478,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12?api-version=2018-03-01 @@ -1637,12 +1488,12 @@ interactions: body: {string: '{"properties":{"displayName":"Audit transparent data encryption status","policyType":"BuiltIn","mode":"Indexed","description":"Audit transparent data encryption status for SQL databases","metadata":{"category":"SQL"},"parameters":{"effect":{"type":"String","metadata":{"displayName":"Effect","description":"Enable - or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"}'} + or disable the execution of the policy"},"allowedValues":["AuditIfNotExists","Disabled"],"defaultValue":"AuditIfNotExists"}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"[parameters(''effect'')]","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"allOf":[{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"enabled"}]}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12","type":"Microsoft.Authorization/policyDefinitions","name":"17k78e20-9358-41c9-923c-fb736d382a12"}'} headers: cache-control: [no-cache] - content-length: ['964'] + content-length: ['1014'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:45 GMT'] + date: ['Tue, 27 Nov 2018 04:25:04 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1658,8 +1509,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2018-03-01 @@ -1670,7 +1522,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:46 GMT'] + date: ['Tue, 27 Nov 2018 04:25:05 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1684,8 +1536,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04?api-version=2018-03-01 @@ -1693,14 +1546,16 @@ interactions: body: {string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Windows VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Windows VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/1c210e94-a481-4beb-95fa-1571b434fb04","type":"Microsoft.Authorization/policyDefinitions","name":"1c210e94-a481-4beb-95fa-1571b434fb04"}'} headers: cache-control: [no-cache] - content-length: ['3454'] + content-length: ['4871'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:46 GMT'] + date: ['Tue, 27 Nov 2018 04:25:05 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1716,8 +1571,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2018-03-01 @@ -1728,7 +1584,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:46 GMT'] + date: ['Tue, 27 Nov 2018 04:25:06 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1742,8 +1598,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d?api-version=2018-03-01 @@ -1759,7 +1616,7 @@ interactions: cache-control: [no-cache] content-length: ['1035'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:46 GMT'] + date: ['Tue, 27 Nov 2018 04:25:07 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1775,8 +1632,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2018-03-01 @@ -1787,7 +1645,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:47 GMT'] + date: ['Tue, 27 Nov 2018 04:25:08 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1801,8 +1659,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1e30110a-5ceb-460c-a204-c1c3969c6d62?api-version=2018-03-01 @@ -1816,7 +1675,7 @@ interactions: cache-control: [no-cache] content-length: ['805'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:47 GMT'] + date: ['Tue, 27 Nov 2018 04:25:08 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1832,8 +1691,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2018-03-01 @@ -1844,7 +1704,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:48 GMT'] + date: ['Tue, 27 Nov 2018 04:25:09 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1858,8 +1718,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/1f314764-cb73-4fc9-b863-8eca98ac36e9?api-version=2018-03-01 @@ -1875,7 +1736,7 @@ interactions: cache-control: [no-cache] content-length: ['1047'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:48 GMT'] + date: ['Tue, 27 Nov 2018 04:25:09 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1891,8 +1752,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2018-03-01 @@ -1903,7 +1765,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:49 GMT'] + date: ['Tue, 27 Nov 2018 04:25:10 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1917,8 +1779,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/201ea587-7c90-41c3-910f-c280ae01cfd6?api-version=2018-03-01 @@ -1933,7 +1796,7 @@ interactions: cache-control: [no-cache] content-length: ['1153'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:49 GMT'] + date: ['Tue, 27 Nov 2018 04:25:10 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1949,8 +1812,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2018-03-01 @@ -1961,7 +1825,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:49 GMT'] + date: ['Tue, 27 Nov 2018 04:25:11 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -1975,8 +1839,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/22bee202-a82f-4305-9a2a-6d7f44d4dedb?api-version=2018-03-01 @@ -1992,7 +1857,7 @@ interactions: cache-control: [no-cache] content-length: ['1027'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:50 GMT'] + date: ['Tue, 27 Nov 2018 04:25:11 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2008,8 +1873,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2018-03-01 @@ -2020,7 +1886,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:50 GMT'] + date: ['Tue, 27 Nov 2018 04:25:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2034,8 +1900,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca?api-version=2018-03-01 @@ -2046,14 +1913,14 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the least number of characters that a password for a user account may contain.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MinimumPasswordLength","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MinimumPasswordLength"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/23020aa6-1135-4be2-bae2-149982b06eca","type":"Microsoft.Authorization/policyDefinitions","name":"23020aa6-1135-4be2-bae2-149982b06eca"}'} headers: cache-control: [no-cache] - content-length: ['3119'] + content-length: ['3172'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:50 GMT'] + date: ['Tue, 27 Nov 2018 04:25:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2069,8 +1936,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2018-03-01 @@ -2081,7 +1949,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:51 GMT'] + date: ['Tue, 27 Nov 2018 04:25:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2095,8 +1963,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/24dde96d-f0b1-425e-884f-4a1421e2dcdc?api-version=2018-03-01 @@ -2110,7 +1979,7 @@ interactions: cache-control: [no-cache] content-length: ['1361'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:51 GMT'] + date: ['Tue, 27 Nov 2018 04:25:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2126,8 +1995,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2018-03-01 @@ -2138,7 +2008,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:51 GMT'] + date: ['Tue, 27 Nov 2018 04:25:15 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2152,8 +2022,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7?api-version=2018-03-01 @@ -2170,7 +2041,7 @@ interactions: cache-control: [no-cache] content-length: ['1491'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:52 GMT'] + date: ['Tue, 27 Nov 2018 04:25:15 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2186,8 +2057,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2018-03-01 @@ -2198,7 +2070,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:52 GMT'] + date: ['Tue, 27 Nov 2018 04:25:16 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2212,8 +2084,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2835b622-407b-4114-9198-6f7064cbe0dc?api-version=2018-03-01 @@ -2235,7 +2108,7 @@ interactions: cache-control: [no-cache] content-length: ['4287'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:53 GMT'] + date: ['Tue, 27 Nov 2018 04:25:17 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2251,8 +2124,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2018-03-01 @@ -2263,7 +2137,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:54 GMT'] + date: ['Tue, 27 Nov 2018 04:25:17 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2277,8 +2151,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2a0e14a6-b0a6-4fab-991a-187a4f81c498?api-version=2018-03-01 @@ -2294,7 +2169,7 @@ interactions: cache-control: [no-cache] content-length: ['933'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:53 GMT'] + date: ['Tue, 27 Nov 2018 04:25:18 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2310,8 +2185,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2018-03-01 @@ -2322,7 +2198,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:54 GMT'] + date: ['Tue, 27 Nov 2018 04:25:18 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2336,8 +2212,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2d60d3b7-aa10-454c-88a8-de39d99d17c6?api-version=2018-03-01 @@ -2350,7 +2227,7 @@ interactions: cache-control: [no-cache] content-length: ['1376'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:54 GMT'] + date: ['Tue, 27 Nov 2018 04:25:19 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2366,8 +2243,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2018-03-01 @@ -2378,7 +2256,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:55 GMT'] + date: ['Tue, 27 Nov 2018 04:25:20 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2392,8 +2270,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/2d67222d-05fd-4526-a171-2ee132ad9e83?api-version=2018-03-01 @@ -2406,7 +2285,7 @@ interactions: cache-control: [no-cache] content-length: ['2063'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:54 GMT'] + date: ['Tue, 27 Nov 2018 04:25:20 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2422,8 +2301,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2018-03-01 @@ -2434,7 +2314,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:55 GMT'] + date: ['Tue, 27 Nov 2018 04:25:21 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2448,8 +2328,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50?api-version=2018-03-01 @@ -2457,12 +2338,16 @@ interactions: body: {string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent Deployment - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports VMs as non-compliant if the VM Image (OS) is not in the list defined and the - agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"}'} + agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"not":{"anyOf":[{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50","type":"Microsoft.Authorization/policyDefinitions","name":"32133ab0-ee4b-4b44-98d6-042180979d50"}'} headers: cache-control: [no-cache] - content-length: ['3474'] + content-length: ['5563'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:56 GMT'] + date: ['Tue, 27 Nov 2018 04:25:21 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2478,8 +2363,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2018-03-01 @@ -2490,7 +2376,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:56 GMT'] + date: ['Tue, 27 Nov 2018 04:25:22 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2504,8 +2390,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe?api-version=2018-03-01 @@ -2516,14 +2403,14 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies there are no accounts without passwords.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid232","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid232"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3470477a-b35a-49db-aca5-1073d04524fe","type":"Microsoft.Authorization/policyDefinitions","name":"3470477a-b35a-49db-aca5-1073d04524fe"}'} headers: cache-control: [no-cache] - content-length: ['3786'] + content-length: ['3839'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:56 GMT'] + date: ['Tue, 27 Nov 2018 04:25:22 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2539,8 +2426,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2018-03-01 @@ -2551,7 +2439,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:57 GMT'] + date: ['Tue, 27 Nov 2018 04:25:23 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2565,8 +2453,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c?api-version=2018-03-01 @@ -2583,7 +2472,7 @@ interactions: cache-control: [no-cache] content-length: ['1158'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:58 GMT'] + date: ['Tue, 27 Nov 2018 04:25:23 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2599,8 +2488,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2018-03-01 @@ -2611,7 +2501,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:58 GMT'] + date: ['Tue, 27 Nov 2018 04:25:24 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2625,8 +2515,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/34f95f76-5386-4de7-b824-0d8478470c9d?api-version=2018-03-01 @@ -2643,7 +2534,7 @@ interactions: cache-control: [no-cache] content-length: ['1393'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:58 GMT'] + date: ['Tue, 27 Nov 2018 04:25:24 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2659,8 +2550,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2018-03-01 @@ -2671,7 +2563,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:58 GMT'] + date: ['Tue, 27 Nov 2018 04:25:25 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2685,8 +2577,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934?api-version=2018-03-01 @@ -2697,14 +2590,14 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the period of time (in days) that a password can be used before the system requires the user to change - it.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + it.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"MaximumPasswordAge","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"MaximumPasswordAge"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/356a906e-05e5-4625-8729-90771e0ee934","type":"Microsoft.Authorization/policyDefinitions","name":"356a906e-05e5-4625-8729-90771e0ee934"}'} headers: cache-control: [no-cache] - content-length: ['3129'] + content-length: ['3182'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:58 GMT'] + date: ['Tue, 27 Nov 2018 04:25:25 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2720,8 +2613,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2018-03-01 @@ -2732,7 +2626,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:00 GMT'] + date: ['Tue, 27 Nov 2018 04:25:26 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2746,8 +2640,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735?api-version=2018-03-01 @@ -2761,7 +2656,7 @@ interactions: cache-control: [no-cache] content-length: ['927'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:59 GMT'] + date: ['Tue, 27 Nov 2018 04:25:27 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2777,8 +2672,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2018-03-01 @@ -2789,7 +2685,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:38:59 GMT'] + date: ['Tue, 27 Nov 2018 04:25:28 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2803,8 +2699,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5?api-version=2018-03-01 @@ -2816,7 +2713,7 @@ interactions: cache-control: [no-cache] content-length: ['1349'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:00 GMT'] + date: ['Tue, 27 Nov 2018 04:25:27 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2832,8 +2729,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2018-03-01 @@ -2844,7 +2742,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:01 GMT'] + date: ['Tue, 27 Nov 2018 04:25:29 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2858,8 +2756,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606?api-version=2018-03-01 @@ -2875,7 +2774,71 @@ interactions: cache-control: [no-cache] content-length: ['1054'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:01 GMT'] + date: ['Tue, 27 Nov 2018 04:25:30 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''3be22e3b-d919-47aa-805e-8985dbeb0ad9'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:30 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent + for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentWindows"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentWindows","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3be22e3b-d919-47aa-805e-8985dbeb0ad9","type":"Microsoft.Authorization/policyDefinitions","name":"3be22e3b-d919-47aa-805e-8985dbeb0ad9"}'} + headers: + cache-control: [no-cache] + content-length: ['5024'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:31 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2891,8 +2854,79 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''3c1b3629-c8f8-4bf6-862c-037cb9094038'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:31 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics + Agent for Windows VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Windows VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"MicrosoftMonitoringAgent"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"MicrosoftMonitoringAgent","vmExtensionTypeHandlerVersion":"1.0"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/3c1b3629-c8f8-4bf6-862c-037cb9094038","type":"Microsoft.Authorization/policyDefinitions","name":"3c1b3629-c8f8-4bf6-862c-037cb9094038"}'} + headers: + cache-control: [no-cache] + content-length: ['5795'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:33 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2018-03-01 @@ -2903,7 +2937,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:02 GMT'] + date: ['Tue, 27 Nov 2018 04:25:34 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2917,8 +2951,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/3d8640fc-63f6-4734-8dcb-cfd3d8c78f38?api-version=2018-03-01 @@ -2938,7 +2973,7 @@ interactions: cache-control: [no-cache] content-length: ['2759'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:01 GMT'] + date: ['Tue, 27 Nov 2018 04:25:34 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2954,8 +2989,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2018-03-01 @@ -2966,7 +3002,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:02 GMT'] + date: ['Tue, 27 Nov 2018 04:25:35 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -2980,8 +3016,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9?api-version=2018-03-01 @@ -2998,7 +3035,7 @@ interactions: cache-control: [no-cache] content-length: ['1161'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:03 GMT'] + date: ['Tue, 27 Nov 2018 04:25:35 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3014,8 +3051,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2018-03-01 @@ -3026,7 +3064,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:04 GMT'] + date: ['Tue, 27 Nov 2018 04:25:36 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3040,8 +3078,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d?api-version=2018-03-01 @@ -3058,7 +3097,7 @@ interactions: cache-control: [no-cache] content-length: ['1396'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:03 GMT'] + date: ['Tue, 27 Nov 2018 04:25:37 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3074,8 +3113,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2018-03-01 @@ -3086,7 +3126,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:04 GMT'] + date: ['Tue, 27 Nov 2018 04:25:37 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3100,8 +3140,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/44452482-524f-4bf4-b852-0bff7cc4a3ed?api-version=2018-03-01 @@ -3115,7 +3156,7 @@ interactions: cache-control: [no-cache] content-length: ['1102'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:04 GMT'] + date: ['Tue, 27 Nov 2018 04:25:38 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3131,8 +3172,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2018-03-01 @@ -3143,7 +3185,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:05 GMT'] + date: ['Tue, 27 Nov 2018 04:25:39 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3157,8 +3199,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/464dbb85-3d5f-4a1d-bb09-95a9b5dd19cf?api-version=2018-03-01 @@ -3169,7 +3212,7 @@ interactions: cache-control: [no-cache] content-length: ['569'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:05 GMT'] + date: ['Tue, 27 Nov 2018 04:25:40 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3185,8 +3228,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-03-01 @@ -3197,7 +3241,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:06 GMT'] + date: ['Tue, 27 Nov 2018 04:25:40 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3211,8 +3255,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/465f0161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-03-01 @@ -3226,7 +3271,7 @@ interactions: cache-control: [no-cache] content-length: ['934'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:06 GMT'] + date: ['Tue, 27 Nov 2018 04:25:40 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3242,8 +3287,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2018-03-01 @@ -3254,7 +3300,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:06 GMT'] + date: ['Tue, 27 Nov 2018 04:25:41 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3268,8 +3314,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc?api-version=2018-03-01 @@ -3283,7 +3330,7 @@ interactions: cache-control: [no-cache] content-length: ['1078'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:06 GMT'] + date: ['Tue, 27 Nov 2018 04:25:42 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3299,8 +3346,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2018-03-01 @@ -3311,7 +3359,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:07 GMT'] + date: ['Tue, 27 Nov 2018 04:25:42 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3325,8 +3373,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/49c88fc8-6fd1-46fd-a676-f12d1d3a4c71?api-version=2018-03-01 @@ -3343,7 +3392,7 @@ interactions: cache-control: [no-cache] content-length: ['1038'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:07 GMT'] + date: ['Tue, 27 Nov 2018 04:25:43 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3359,8 +3408,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2018-03-01 @@ -3371,7 +3421,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:08 GMT'] + date: ['Tue, 27 Nov 2018 04:25:44 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3385,8 +3435,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee?api-version=2018-03-01 @@ -3394,14 +3445,16 @@ interactions: body: {string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent for Linux VMs","policyType":"BuiltIn","mode":"Indexed","description":"Deploy Dependency Agent for Linux VMs if the VM Image (OS) is in the list defined - and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.2-LTS","14.04.3-LTS","14.04.4-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","sles-byos"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), + and the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachines/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachines/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachines/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"},{"field":"Microsoft.Compute/virtualMachines/extensions/provisioningState","equals":"Succeeded"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.6"},"resources":[{"type":"Microsoft.Compute/virtualMachines/extensions","name":"[concat(parameters(''vmName''), ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled extension for VM'', '': '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/4da21710-ce6f-4e06-8cdb-5cc4c93ffbee","type":"Microsoft.Authorization/policyDefinitions","name":"4da21710-ce6f-4e06-8cdb-5cc4c93ffbee"}'} headers: cache-control: [no-cache] - content-length: ['3451'] + content-length: ['4052'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:08 GMT'] + date: ['Tue, 27 Nov 2018 04:25:45 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3417,8 +3470,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2018-03-01 @@ -3429,7 +3483,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:09 GMT'] + date: ['Tue, 27 Nov 2018 04:25:47 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3443,8 +3497,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/4f11b553-d42e-4e3a-89be-32ca364cad4c?api-version=2018-03-01 @@ -3459,7 +3514,7 @@ interactions: cache-control: [no-cache] content-length: ['1068'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:09 GMT'] + date: ['Tue, 27 Nov 2018 04:25:48 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3475,8 +3530,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2018-03-01 @@ -3487,7 +3543,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:10 GMT'] + date: ['Tue, 27 Nov 2018 04:25:49 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3501,8 +3557,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5aa11bbc-5c76-4302-80e5-aba46a4282e7?api-version=2018-03-01 @@ -3515,7 +3572,7 @@ interactions: cache-control: [no-cache] content-length: ['1341'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:10 GMT'] + date: ['Tue, 27 Nov 2018 04:25:48 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3531,8 +3588,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2018-03-01 @@ -3543,7 +3601,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:10 GMT'] + date: ['Tue, 27 Nov 2018 04:25:50 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3557,8 +3615,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5aebc8d1-020d-4037-89a0-02043a7524ec?api-version=2018-03-01 @@ -3571,7 +3630,69 @@ interactions: cache-control: [no-cache] content-length: ['1348'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:11 GMT'] + date: ['Tue, 27 Nov 2018 04:25:50 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:51 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Audit Log Analytics Agent + Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138","type":"Microsoft.Authorization/policyDefinitions","name":"5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138"}'} + headers: + cache-control: [no-cache] + content-length: ['5596'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:51 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3587,8 +3708,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2018-03-01 @@ -3599,7 +3721,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:11 GMT'] + date: ['Tue, 27 Nov 2018 04:25:52 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3613,8 +3735,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5c607a2e-c700-4744-8254-d77e7c9eb5e4?api-version=2018-03-01 @@ -3628,7 +3751,7 @@ interactions: cache-control: [no-cache] content-length: ['1091'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:11 GMT'] + date: ['Tue, 27 Nov 2018 04:25:54 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3644,8 +3767,68 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''5e393799-e3ca-4e43-a9a5-0ec4648a57d9'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:54 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Audit application inside + Windows VMs must be present","policyType":"BuiltIn","mode":"Indexed","description":"This + policy will audit instances of applications running inside Windows virtual + machines, to verify that the application exists.","metadata":{"category":"Guest + Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","name":"WhitelistedApplication","existenceCondition":{"field":"Microsoft.GuestConfiguration/guestConfigurationAssignments/complianceStatus","equals":"Compliant"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5e393799-e3ca-4e43-a9a5-0ec4648a57d9","type":"Microsoft.Authorization/policyDefinitions","name":"5e393799-e3ca-4e43-a9a5-0ec4648a57d9"}'} + headers: + cache-control: [no-cache] + content-length: ['1361'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:55 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2018-03-01 @@ -3656,7 +3839,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:12 GMT'] + date: ['Tue, 27 Nov 2018 04:25:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3670,8 +3853,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5ee85ce5-e7eb-44d6-b4a2-32a24be1ca54?api-version=2018-03-01 @@ -3684,7 +3868,77 @@ interactions: cache-control: [no-cache] content-length: ['602'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:11 GMT'] + date: ['Tue, 27 Nov 2018 04:25:55 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:57 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Deploy Log Analytics + Agent for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Log Analytics Agent for Linux VM Scale Sets if the VM Image (OS) is in the + list defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"logAnalytics":{"type":"String","metadata":{"displayName":"Log + Analytics workspace","description":"Select Log Analytics workspace from dropdown + list. If this workspace is outside of the scope of the assignment you must + manually grant ''Log Analytics Contributor'' permissions (or similar) to the + policy assignment''s principal ID.","strongType":"omsWorkspace"}},"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"12*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"14.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"16.04*LTS"},{"field":"Microsoft.Compute/imageSKU","like":"18.04*LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Oracle"},{"field":"Microsoft.Compute/imageOffer","equals":"Oracle-Linux"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7.*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/92aaf0da-9dab-42b6-94a3-d43ce8d16293","/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"OmsAgentForLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.EnterpriseCloud.Monitoring"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"logAnalytics":{"type":"string"}},"variables":{"vmExtensionName":"MMAExtension","vmExtensionPublisher":"Microsoft.EnterpriseCloud.Monitoring","vmExtensionType":"OmsAgentForLinux","vmExtensionTypeHandlerVersion":"1.7"},"resources":[{"name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","type":"Microsoft.Compute/virtualMachineScaleSets/extensions","location":"[parameters(''location'')]","apiVersion":"2018-06-01","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true,"settings":{"workspaceId":"[reference(parameters(''logAnalytics''), + ''2015-03-20'').customerId]","stopOnMultipleConnections":"true"},"protectedSettings":{"workspaceKey":"[listKeys(parameters(''logAnalytics''), + ''2015-03-20'').primarySharedKey]"}}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"logAnalytics":{"value":"[parameters(''logAnalytics'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069","type":"Microsoft.Authorization/policyDefinitions","name":"5ee9e9ed-0b42-41b7-8c9c-3cfb2fbe2069"}'} + headers: + cache-control: [no-cache] + content-length: ['5173'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:25:58 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3700,8 +3954,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2018-03-01 @@ -3712,7 +3967,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:12 GMT'] + date: ['Tue, 27 Nov 2018 04:25:58 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3726,8 +3981,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/5f76cf89-fbf2-47fd-a3f4-b891fa780b60?api-version=2018-03-01 @@ -3741,7 +3997,7 @@ interactions: cache-control: [no-cache] content-length: ['1088'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:12 GMT'] + date: ['Tue, 27 Nov 2018 04:25:59 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3757,8 +4013,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2018-03-01 @@ -3769,7 +4026,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:13 GMT'] + date: ['Tue, 27 Nov 2018 04:26:00 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3783,8 +4040,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/60ffe3e2-4604-4460-8f22-0f1da058266c?api-version=2018-03-01 @@ -3798,7 +4056,7 @@ interactions: cache-control: [no-cache] content-length: ['1433'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:13 GMT'] + date: ['Tue, 27 Nov 2018 04:26:00 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3814,8 +4072,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2018-03-01 @@ -3826,7 +4085,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:14 GMT'] + date: ['Tue, 27 Nov 2018 04:26:01 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3840,8 +4099,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68?api-version=2018-03-01 @@ -3857,7 +4117,7 @@ interactions: cache-control: [no-cache] content-length: ['1334'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:14 GMT'] + date: ['Tue, 27 Nov 2018 04:26:02 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3873,8 +4133,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2018-03-01 @@ -3885,7 +4146,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:15 GMT'] + date: ['Tue, 27 Nov 2018 04:26:03 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3899,8 +4160,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/655cb504-bcee-4362-bd4c-402e6aa38759?api-version=2018-03-01 @@ -3916,7 +4178,7 @@ interactions: cache-control: [no-cache] content-length: ['1068'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:15 GMT'] + date: ['Tue, 27 Nov 2018 04:26:04 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3932,8 +4194,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2018-03-01 @@ -3944,7 +4207,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:15 GMT'] + date: ['Tue, 27 Nov 2018 04:26:04 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3958,8 +4221,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6b1cbf55-e8b6-442f-ba4c-7246b6381474?api-version=2018-03-01 @@ -3974,7 +4238,7 @@ interactions: cache-control: [no-cache] content-length: ['1072'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:15 GMT'] + date: ['Tue, 27 Nov 2018 04:26:05 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -3990,8 +4254,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2018-03-01 @@ -4002,7 +4267,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:16 GMT'] + date: ['Tue, 27 Nov 2018 04:26:06 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4016,8 +4281,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749?api-version=2018-03-01 @@ -4031,7 +4297,7 @@ interactions: cache-control: [no-cache] content-length: ['750'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:16 GMT'] + date: ['Tue, 27 Nov 2018 04:26:07 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4047,8 +4313,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2018-03-01 @@ -4059,7 +4326,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:17 GMT'] + date: ['Tue, 27 Nov 2018 04:26:08 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4073,8 +4340,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/6fdb9205-3462-4cfc-87d8-16c7860b53f4?api-version=2018-03-01 @@ -4086,7 +4354,7 @@ interactions: cache-control: [no-cache] content-length: ['570'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:17 GMT'] + date: ['Tue, 27 Nov 2018 04:26:09 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4102,8 +4370,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2018-03-01 @@ -4114,7 +4383,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:17 GMT'] + date: ['Tue, 27 Nov 2018 04:26:10 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4128,8 +4397,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6?api-version=2018-03-01 @@ -4140,14 +4410,14 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines the number of unique new passwords that have to be associated with a user account before an old - password can be reused.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + password can be reused.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"EnforcePasswordHistory","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"EnforcePasswordHistory"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/726671ac-c4de-4908-8c7d-6043ae62e3b6","type":"Microsoft.Authorization/policyDefinitions","name":"726671ac-c4de-4908-8c7d-6043ae62e3b6"}'} headers: cache-control: [no-cache] - content-length: ['3160'] + content-length: ['3213'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:18 GMT'] + date: ['Tue, 27 Nov 2018 04:26:10 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4163,8 +4433,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2018-03-01 @@ -4175,7 +4446,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:18 GMT'] + date: ['Tue, 27 Nov 2018 04:26:12 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4189,8 +4460,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7433c107-6db4-4ad1-b57a-a76dce0154a1?api-version=2018-03-01 @@ -4204,7 +4476,7 @@ interactions: cache-control: [no-cache] content-length: ['849'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:19 GMT'] + date: ['Tue, 27 Nov 2018 04:26:12 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4220,8 +4492,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2018-03-01 @@ -4232,7 +4505,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:19 GMT'] + date: ['Tue, 27 Nov 2018 04:26:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4246,8 +4519,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/752c6934-9bcc-4749-b004-655e676ae2ac?api-version=2018-03-01 @@ -4262,7 +4536,7 @@ interactions: cache-control: [no-cache] content-length: ['1162'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:20 GMT'] + date: ['Tue, 27 Nov 2018 04:26:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4278,8 +4552,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2018-03-01 @@ -4290,7 +4565,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:20 GMT'] + date: ['Tue, 27 Nov 2018 04:26:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4304,8 +4579,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/760a85ff-6162-42b3-8d70-698e268f648c?api-version=2018-03-01 @@ -4320,7 +4596,7 @@ interactions: cache-control: [no-cache] content-length: ['1151'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:20 GMT'] + date: ['Tue, 27 Nov 2018 04:26:15 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4336,8 +4612,73 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''765266ab-e40e-4c61-bcb2-5a5275d0b7c0'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:26:16 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Deploy Dependency Agent + for Linux VM Scale Sets (VMSS)","policyType":"BuiltIn","mode":"Indexed","description":"Deploy + Dependency Agent for Linux VM Scale Sets if the VM Image (OS) is in the list + defined and the agent is not installed. Note: if your scale set upgradePolicy + is set to Manual, you need to apply the extension to the all VMs in the set + by calling upgrade on them. In CLI this would be az vmss update-instances.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude'')]"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["CentOS","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9980e02c-c2be-4d73-94e8-173b1dc7cf3c"],"existenceCondition":{"allOf":[{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/type","equals":"DependencyAgentLinux"},{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}]},"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"}},"variables":{"vmExtensionName":"DependencyAgent","vmExtensionPublisher":"Microsoft.Azure.Monitoring.DependencyAgent","vmExtensionType":"DependencyAgentLinux","vmExtensionTypeHandlerVersion":"9.7"},"resources":[{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","name":"[concat(parameters(''vmName''), + ''/'', variables(''vmExtensionName''))]","apiVersion":"2018-06-01","location":"[parameters(''location'')]","properties":{"publisher":"[variables(''vmExtensionPublisher'')]","type":"[variables(''vmExtensionType'')]","typeHandlerVersion":"[variables(''vmExtensionTypeHandlerVersion'')]","autoUpgradeMinorVersion":true}}],"outputs":{"policy":{"type":"string","value":"[concat(''Enabled + extension for: '', parameters(''vmName''))]"}}},"parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/765266ab-e40e-4c61-bcb2-5a5275d0b7c0","type":"Microsoft.Authorization/policyDefinitions","name":"765266ab-e40e-4c61-bcb2-5a5275d0b7c0"}'} + headers: + cache-control: [no-cache] + content-length: ['4205'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:26:17 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2018-03-01 @@ -4348,7 +4689,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:21 GMT'] + date: ['Tue, 27 Nov 2018 04:26:18 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4362,8 +4703,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7c1b1214-f927-48bf-8882-84f0af6588b1?api-version=2018-03-01 @@ -4377,7 +4719,7 @@ interactions: cache-control: [no-cache] content-length: ['1456'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:20 GMT'] + date: ['Tue, 27 Nov 2018 04:26:18 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4393,8 +4735,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2018-03-01 @@ -4405,7 +4748,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:21 GMT'] + date: ['Tue, 27 Nov 2018 04:26:19 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4419,8 +4762,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7c5a74bf-ae94-4a74-8fcf-644d1e0e6e6f?api-version=2018-03-01 @@ -4433,7 +4777,7 @@ interactions: cache-control: [no-cache] content-length: ['716'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:22 GMT'] + date: ['Tue, 27 Nov 2018 04:26:20 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4449,8 +4793,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2018-03-01 @@ -4461,7 +4806,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:22 GMT'] + date: ['Tue, 27 Nov 2018 04:26:21 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4475,8 +4820,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8?api-version=2018-03-01 @@ -4487,14 +4833,14 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. If this policy is enabled, passwords must meet minimum requirements. See documentation for full details at URL http://aka.ms/gcpol.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordMustMeetComplexityRequirements","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordMustMeetComplexityRequirements"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8","type":"Microsoft.Authorization/policyDefinitions","name":"7ed40801-8a0f-4ceb-85c0-9fd25c1d61a8"}'} headers: cache-control: [no-cache] - content-length: ['3175'] + content-length: ['3228'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:23 GMT'] + date: ['Tue, 27 Nov 2018 04:26:22 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4510,8 +4856,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2018-03-01 @@ -4522,7 +4869,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:23 GMT'] + date: ['Tue, 27 Nov 2018 04:26:23 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4536,8 +4883,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9?api-version=2018-03-01 @@ -4549,7 +4897,7 @@ interactions: cache-control: [no-cache] content-length: ['890'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:23 GMT'] + date: ['Tue, 27 Nov 2018 04:26:24 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4565,8 +4913,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2018-03-01 @@ -4577,7 +4926,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:24 GMT'] + date: ['Tue, 27 Nov 2018 04:26:25 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4591,8 +4940,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a?api-version=2018-03-01 @@ -4609,7 +4959,7 @@ interactions: cache-control: [no-cache] content-length: ['1393'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:24 GMT'] + date: ['Tue, 27 Nov 2018 04:26:25 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4625,8 +4975,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2018-03-01 @@ -4637,7 +4988,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:25 GMT'] + date: ['Tue, 27 Nov 2018 04:26:26 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4651,20 +5002,21 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f?api-version=2018-03-01 response: body: {string: '{"properties":{"displayName":"Deploy SQL DB transparent data encryption","policyType":"BuiltIn","mode":"Indexed","description":"Enables - transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"field":"type","equals":"Microsoft.Sql/servers/databases"},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), + transparent data encryption on SQL databases","metadata":{"category":"SQL"},"parameters":{},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Sql/servers/databases"},{"field":"name","notEquals":"master"}]},"then":{"effect":"DeployIfNotExists","details":{"type":"Microsoft.Sql/servers/databases/transparentDataEncryption","name":"current","existenceCondition":{"field":"Microsoft.Sql/transparentDataEncryption.status","equals":"Enabled"},"roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/9b7fa17d-e63e-47b0-bb0a-15c516ac86ec"],"deployment":{"properties":{"mode":"incremental","template":{"$schema":"http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"fullDbName":{"type":"string"}},"resources":[{"name":"[concat(parameters(''fullDbName''), ''/current'')]","type":"Microsoft.Sql/servers/databases/transparentDataEncryption","apiVersion":"2014-04-01","properties":{"status":"Enabled"}}]},"parameters":{"fullDbName":{"value":"[field(''fullName'')]"}}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f","type":"Microsoft.Authorization/policyDefinitions","name":"86a912f6-9a06-4e26-b447-11b16ba8659f"}'} headers: cache-control: [no-cache] - content-length: ['1335'] + content-length: ['1385'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:25 GMT'] + date: ['Tue, 27 Nov 2018 04:26:27 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4680,8 +5032,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2018-03-01 @@ -4692,7 +5045,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:26 GMT'] + date: ['Tue, 27 Nov 2018 04:26:28 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4706,8 +5059,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60?api-version=2018-03-01 @@ -4721,7 +5075,7 @@ interactions: cache-control: [no-cache] content-length: ['1130'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:25 GMT'] + date: ['Tue, 27 Nov 2018 04:26:28 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4737,8 +5091,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2018-03-01 @@ -4749,7 +5104,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:27 GMT'] + date: ['Tue, 27 Nov 2018 04:26:30 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4763,8 +5118,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8ce3da23-7156-49e4-b145-24f95f9dcb46?api-version=2018-03-01 @@ -4779,7 +5135,7 @@ interactions: cache-control: [no-cache] content-length: ['905'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:27 GMT'] + date: ['Tue, 27 Nov 2018 04:26:31 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4795,8 +5151,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2018-03-01 @@ -4807,7 +5164,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:28 GMT'] + date: ['Tue, 27 Nov 2018 04:26:31 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4821,8 +5178,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78?api-version=2018-03-01 @@ -4833,14 +5191,14 @@ interactions: Azure Managed Service Identity, and required content to check settings inside the virtual machine. This security setting determines whether the operating system stores passwords using reversible encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"StorePasswordsUsingReversibleEncryption","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"StorePasswordsUsingReversibleEncryption"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/8ff0b18b-262e-4512-857a-48ad0aeb9a78","type":"Microsoft.Authorization/policyDefinitions","name":"8ff0b18b-262e-4512-857a-48ad0aeb9a78"}'} headers: cache-control: [no-cache] - content-length: ['3165'] + content-length: ['3218'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:27 GMT'] + date: ['Tue, 27 Nov 2018 04:26:32 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4856,8 +5214,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2018-03-01 @@ -4868,7 +5227,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:28 GMT'] + date: ['Tue, 27 Nov 2018 04:26:34 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4882,8 +5241,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9297c21d-2ed6-4474-b48f-163f75654ce3?api-version=2018-03-01 @@ -4898,7 +5258,7 @@ interactions: cache-control: [no-cache] content-length: ['1125'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:28 GMT'] + date: ['Tue, 27 Nov 2018 04:26:35 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4914,8 +5274,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2018-03-01 @@ -4926,7 +5287,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:29 GMT'] + date: ['Tue, 27 Nov 2018 04:26:35 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4940,8 +5301,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/94c19f19-8192-48cd-a11b-e37099d3e36b?api-version=2018-03-01 @@ -4953,7 +5315,7 @@ interactions: cache-control: [no-cache] content-length: ['579'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:28 GMT'] + date: ['Tue, 27 Nov 2018 04:26:36 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4969,8 +5331,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2018-03-01 @@ -4981,7 +5344,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:30 GMT'] + date: ['Tue, 27 Nov 2018 04:26:37 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -4995,8 +5358,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/983211ba-f348-4758-983b-21fa29294869?api-version=2018-03-01 @@ -5009,7 +5373,7 @@ interactions: cache-control: [no-cache] content-length: ['680'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:30 GMT'] + date: ['Tue, 27 Nov 2018 04:26:37 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5025,8 +5389,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2018-03-01 @@ -5037,7 +5402,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:31 GMT'] + date: ['Tue, 27 Nov 2018 04:26:39 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5051,8 +5416,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6?api-version=2018-03-01 @@ -5067,7 +5433,7 @@ interactions: cache-control: [no-cache] content-length: ['1123'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:31 GMT'] + date: ['Tue, 27 Nov 2018 04:26:40 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5083,8 +5449,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2018-03-01 @@ -5095,7 +5462,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:31 GMT'] + date: ['Tue, 27 Nov 2018 04:26:40 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5109,8 +5476,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c?api-version=2018-03-01 @@ -5124,7 +5492,7 @@ interactions: cache-control: [no-cache] content-length: ['738'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:32 GMT'] + date: ['Tue, 27 Nov 2018 04:26:41 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5140,8 +5508,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2018-03-01 @@ -5152,7 +5521,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:32 GMT'] + date: ['Tue, 27 Nov 2018 04:26:43 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5166,8 +5535,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a1817ec0-a368-432a-8057-8371e17ac6ee?api-version=2018-03-01 @@ -5184,7 +5554,7 @@ interactions: cache-control: [no-cache] content-length: ['1079'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:32 GMT'] + date: ['Tue, 27 Nov 2018 04:26:43 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5200,8 +5570,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2018-03-01 @@ -5212,7 +5583,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:33 GMT'] + date: ['Tue, 27 Nov 2018 04:26:44 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5226,8 +5597,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5?api-version=2018-03-01 @@ -5241,7 +5613,7 @@ interactions: cache-control: [no-cache] content-length: ['975'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:33 GMT'] + date: ['Tue, 27 Nov 2018 04:26:45 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5257,8 +5629,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2018-03-01 @@ -5269,7 +5642,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:33 GMT'] + date: ['Tue, 27 Nov 2018 04:26:47 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5283,8 +5656,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9?api-version=2018-03-01 @@ -5298,7 +5672,7 @@ interactions: cache-control: [no-cache] content-length: ['1073'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:34 GMT'] + date: ['Tue, 27 Nov 2018 04:26:47 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5314,8 +5688,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-03-01 @@ -5326,7 +5701,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:34 GMT'] + date: ['Tue, 27 Nov 2018 04:26:48 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5340,8 +5715,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a7ff3161-0087-490a-9ad9-ad6217f4f43a?api-version=2018-03-01 @@ -5354,7 +5730,7 @@ interactions: cache-control: [no-cache] content-length: ['654'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:34 GMT'] + date: ['Tue, 27 Nov 2018 04:26:49 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5370,8 +5746,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2018-03-01 @@ -5382,7 +5759,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:35 GMT'] + date: ['Tue, 27 Nov 2018 04:26:50 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5396,8 +5773,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a8bef009-a5c9-4d0f-90d7-6018734e8a16?api-version=2018-03-01 @@ -5411,7 +5789,7 @@ interactions: cache-control: [no-cache] content-length: ['1054'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:36 GMT'] + date: ['Tue, 27 Nov 2018 04:26:51 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5427,8 +5805,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2018-03-01 @@ -5439,7 +5818,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:36 GMT'] + date: ['Tue, 27 Nov 2018 04:26:52 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5453,8 +5832,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/a9b99dd8-06c5-4317-8629-9d86a3c6e7d9?api-version=2018-03-01 @@ -5469,7 +5849,7 @@ interactions: cache-control: [no-cache] content-length: ['1465'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:36 GMT'] + date: ['Tue, 27 Nov 2018 04:26:53 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5485,8 +5865,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2018-03-01 @@ -5497,7 +5878,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:37 GMT'] + date: ['Tue, 27 Nov 2018 04:26:54 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5511,8 +5892,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/aa633080-8b72-40c4-a2d7-d00c03e80bed?api-version=2018-03-01 @@ -5527,7 +5909,7 @@ interactions: cache-control: [no-cache] content-length: ['1126'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:36 GMT'] + date: ['Tue, 27 Nov 2018 04:26:54 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5543,8 +5925,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2018-03-01 @@ -5555,7 +5938,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:37 GMT'] + date: ['Tue, 27 Nov 2018 04:26:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5569,8 +5952,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/abcc6037-1fc4-47f6-aac5-89706589be24?api-version=2018-03-01 @@ -5584,7 +5968,7 @@ interactions: cache-control: [no-cache] content-length: ['944'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:38 GMT'] + date: ['Tue, 27 Nov 2018 04:26:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5600,8 +5984,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2018-03-01 @@ -5612,7 +5997,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:39 GMT'] + date: ['Tue, 27 Nov 2018 04:26:58 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5626,8 +6011,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ac7e5fc0-c029-4b12-91d4-a8500ce697f9?api-version=2018-03-01 @@ -5640,7 +6026,7 @@ interactions: cache-control: [no-cache] content-length: ['647'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:38 GMT'] + date: ['Tue, 27 Nov 2018 04:26:59 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5656,8 +6042,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2018-03-01 @@ -5668,7 +6055,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:39 GMT'] + date: ['Tue, 27 Nov 2018 04:27:00 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5682,8 +6069,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9?api-version=2018-03-01 @@ -5697,7 +6085,7 @@ interactions: cache-control: [no-cache] content-length: ['1147'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:39 GMT'] + date: ['Tue, 27 Nov 2018 04:27:01 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5713,8 +6101,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2018-03-01 @@ -5725,7 +6114,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:39 GMT'] + date: ['Tue, 27 Nov 2018 04:27:02 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5739,8 +6128,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/af8051bf-258b-44e2-a2bf-165330459f9d?api-version=2018-03-01 @@ -5755,7 +6145,7 @@ interactions: cache-control: [no-cache] content-length: ['1081'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:40 GMT'] + date: ['Tue, 27 Nov 2018 04:27:03 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5771,8 +6161,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2018-03-01 @@ -5783,7 +6174,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:41 GMT'] + date: ['Tue, 27 Nov 2018 04:27:04 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5797,8 +6188,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c?api-version=2018-03-01 @@ -5812,7 +6204,7 @@ interactions: cache-control: [no-cache] content-length: ['1064'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:40 GMT'] + date: ['Tue, 27 Nov 2018 04:27:05 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5828,8 +6220,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2018-03-01 @@ -5840,7 +6233,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:41 GMT'] + date: ['Tue, 27 Nov 2018 04:27:07 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5854,8 +6247,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b18175dd-c599-4c64-83ba-bb018a06d35b?api-version=2018-03-01 @@ -5869,7 +6263,7 @@ interactions: cache-control: [no-cache] content-length: ['2097'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:41 GMT'] + date: ['Tue, 27 Nov 2018 04:27:07 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5885,8 +6279,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2018-03-01 @@ -5897,7 +6292,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:42 GMT'] + date: ['Tue, 27 Nov 2018 04:27:08 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5911,8 +6306,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b278e460-7cfc-4451-8294-cccc40a940d7?api-version=2018-03-01 @@ -5929,7 +6325,7 @@ interactions: cache-control: [no-cache] content-length: ['1071'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:42 GMT'] + date: ['Tue, 27 Nov 2018 04:27:09 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5945,8 +6341,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2018-03-01 @@ -5957,7 +6354,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:43 GMT'] + date: ['Tue, 27 Nov 2018 04:27:10 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -5971,8 +6368,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8?api-version=2018-03-01 @@ -5983,14 +6381,14 @@ interactions: Azure Managed Service Identity, and required content to audit instances of Internet Information Services (IIS) running inside Windows virtual machines, to verify that TLS minimum version 1.1 is used for encryption.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"AuditSecureProtocol","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"AuditSecureProtocol"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforWindows'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforWindows","typeHandlerVersion":"1.1","autoUpgradeMinorVersion":true,"settings":{},"protectedSettings":{}},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/b2fc8f91-866d-4434-9089-5ebfe38d6fd8","type":"Microsoft.Authorization/policyDefinitions","name":"b2fc8f91-866d-4434-9089-5ebfe38d6fd8"}'} headers: cache-control: [no-cache] - content-length: ['3142'] + content-length: ['3195'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:43 GMT'] + date: ['Tue, 27 Nov 2018 04:27:11 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6006,8 +6404,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2018-03-01 @@ -6018,7 +6417,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:44 GMT'] + date: ['Tue, 27 Nov 2018 04:27:12 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6032,8 +6431,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4?api-version=2018-03-01 @@ -6050,7 +6450,7 @@ interactions: cache-control: [no-cache] content-length: ['1400'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:44 GMT'] + date: ['Tue, 27 Nov 2018 04:27:13 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6066,8 +6466,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2018-03-01 @@ -6078,7 +6479,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:44 GMT'] + date: ['Tue, 27 Nov 2018 04:27:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6092,8 +6493,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0?api-version=2018-03-01 @@ -6107,7 +6509,7 @@ interactions: cache-control: [no-cache] content-length: ['1019'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:45 GMT'] + date: ['Tue, 27 Nov 2018 04:27:15 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6123,8 +6525,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2018-03-01 @@ -6135,7 +6538,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:45 GMT'] + date: ['Tue, 27 Nov 2018 04:27:16 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6149,8 +6552,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c1b9cbed-08e3-427d-b9ce-7c535b1e9b94?api-version=2018-03-01 @@ -6163,7 +6567,7 @@ interactions: cache-control: [no-cache] content-length: ['703'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:45 GMT'] + date: ['Tue, 27 Nov 2018 04:27:17 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6179,8 +6583,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2018-03-01 @@ -6191,7 +6596,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:46 GMT'] + date: ['Tue, 27 Nov 2018 04:27:18 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6205,8 +6610,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c40c9087-1981-4e73-9f53-39743eda9d05?api-version=2018-03-01 @@ -6219,7 +6625,7 @@ interactions: cache-control: [no-cache] content-length: ['2004'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:46 GMT'] + date: ['Tue, 27 Nov 2018 04:27:19 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6235,8 +6641,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2018-03-01 @@ -6247,7 +6654,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:47 GMT'] + date: ['Tue, 27 Nov 2018 04:27:20 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6261,8 +6668,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c?api-version=2018-03-01 @@ -6279,7 +6687,7 @@ interactions: cache-control: [no-cache] content-length: ['1412'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:47 GMT'] + date: ['Tue, 27 Nov 2018 04:27:21 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6295,8 +6703,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2018-03-01 @@ -6307,7 +6716,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:48 GMT'] + date: ['Tue, 27 Nov 2018 04:27:22 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6321,8 +6730,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/c9c29499-c1d1-4195-99bd-2ec9e3a9dc89?api-version=2018-03-01 @@ -6341,7 +6751,7 @@ interactions: cache-control: [no-cache] content-length: ['3613'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:48 GMT'] + date: ['Tue, 27 Nov 2018 04:27:23 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6357,8 +6767,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2018-03-01 @@ -6369,7 +6780,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:49 GMT'] + date: ['Tue, 27 Nov 2018 04:27:24 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6383,8 +6794,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cccc23c7-8427-4f53-ad12-b6a63eb452b3?api-version=2018-03-01 @@ -6398,7 +6810,7 @@ interactions: cache-control: [no-cache] content-length: ['844'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:49 GMT'] + date: ['Tue, 27 Nov 2018 04:27:25 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6414,8 +6826,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2018-03-01 @@ -6426,7 +6839,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:49 GMT'] + date: ['Tue, 27 Nov 2018 04:27:26 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6440,8 +6853,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cd8dc879-a2ae-43c3-8211-1877c5755064?api-version=2018-03-01 @@ -6453,7 +6867,7 @@ interactions: cache-control: [no-cache] content-length: ['539'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:49 GMT'] + date: ['Tue, 27 Nov 2018 04:27:27 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6469,8 +6883,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2018-03-01 @@ -6481,7 +6896,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:50 GMT'] + date: ['Tue, 27 Nov 2018 04:27:29 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6495,8 +6910,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cdbf72d9-ac9c-4026-8a3a-491a5ac59293?api-version=2018-03-01 @@ -6510,7 +6926,7 @@ interactions: cache-control: [no-cache] content-length: ['1388'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:50 GMT'] + date: ['Tue, 27 Nov 2018 04:27:29 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6526,8 +6942,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2018-03-01 @@ -6538,7 +6955,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:50 GMT'] + date: ['Tue, 27 Nov 2018 04:27:30 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6552,8 +6969,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21?api-version=2018-03-01 @@ -6570,7 +6988,7 @@ interactions: cache-control: [no-cache] content-length: ['1391'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:51 GMT'] + date: ['Tue, 27 Nov 2018 04:27:32 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6586,8 +7004,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2018-03-01 @@ -6598,7 +7017,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:52 GMT'] + date: ['Tue, 27 Nov 2018 04:27:33 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6612,8 +7031,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e01598e8-6538-41ed-95e8-8b29746cd697?api-version=2018-03-01 @@ -6625,7 +7045,7 @@ interactions: cache-control: [no-cache] content-length: ['570'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:52 GMT'] + date: ['Tue, 27 Nov 2018 04:27:33 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6641,8 +7061,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2018-03-01 @@ -6653,7 +7074,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:53 GMT'] + date: ['Tue, 27 Nov 2018 04:27:35 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6667,8 +7088,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15?api-version=2018-03-01 @@ -6682,7 +7104,69 @@ interactions: cache-control: [no-cache] content-length: ['1135'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:52 GMT'] + date: ['Tue, 27 Nov 2018 04:27:36 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + transfer-encoding: [chunked] + vary: ['Accept-Encoding,Accept-Encoding'] + x-content-type-options: [nosniff] + status: {code: 200, message: OK} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2018-03-01 + response: + body: {string: '{"error":{"code":"PolicyDefinitionNotFound","message":"The policy + definition ''e2dd799a-a932-4e9d-ac17-d473bc3c6c10'' could not be found."}}'} + headers: + cache-control: [no-cache] + content-length: ['138'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:27:37 GMT'] + expires: ['-1'] + pragma: [no-cache] + strict-transport-security: [max-age=31536000; includeSubDomains] + x-content-type-options: [nosniff] + status: {code: 404, message: Not Found} +- request: + body: null + headers: + Accept: [application/json] + Accept-Encoding: ['gzip, deflate'] + CommandName: [policy definition show] + Connection: [keep-alive] + Content-Type: [application/json; charset=utf-8] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] + accept-language: [en-US] + method: GET + uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10?api-version=2018-03-01 + response: + body: {string: '{"properties":{"displayName":"[Preview]: Audit Dependency Agent + Deployment in VMSS - VM Image (OS) unlisted","policyType":"BuiltIn","mode":"Indexed","description":"Reports + VMSS as non-compliant if the VM Image (OS) is not in the list defined and + the agent is not installed.","metadata":{"category":"Monitoring"},"parameters":{"listOfImageIdToInclude_windows":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Windows OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]},"listOfImageIdToInclude_linux":{"type":"Array","metadata":{"displayName":"Optional: + List of VM images that have supported Linux OS to add to scope","description":"Example + value: ''/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage''"},"defaultValue":[]}},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachineScaleSets"},{"not":{"anyOf":[{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_windows'')]"},{"field":"Microsoft.Compute/imageId","in":"[parameters(''listOfImageIdToInclude_linux'')]"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServer"},{"field":"Microsoft.Compute/imageSKU","in":["2008-R2-SP1","2008-R2-SP1-smalldisk","2012-Datacenter","2012-Datacenter-smalldisk","2012-R2-Datacenter","2012-R2-Datacenter-smalldisk","2016-Datacenter","2016-Datacenter-Server-Core","2016-Datacenter-Server-Core-smalldisk","2016-Datacenter-smalldisk","2016-Datacenter-with-Containers","2016-Datacenter-with-RDSH"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServer"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerSemiAnnual"},{"field":"Microsoft.Compute/imageSKU","in":["Datacenter-Core-1709-smalldisk","Datacenter-Core-1709-with-Containers-smalldisk","Datacenter-Core-1803-with-Containers-smalldisk"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsServerHPCPack"},{"field":"Microsoft.Compute/imageOffer","equals":"WindowsServerHPCPack"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftSQLServer"},{"anyOf":[{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2016-BYOL"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2"},{"field":"Microsoft.Compute/imageOffer","like":"*-WS2012R2-BYOL"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftRServer"},{"field":"Microsoft.Compute/imageOffer","equals":"MLServer-WS2016"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftVisualStudio"},{"field":"Microsoft.Compute/imageOffer","in":["VisualStudio","Windows"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftDynamicsAX"},{"field":"Microsoft.Compute/imageOffer","equals":"Dynamics"},{"field":"Microsoft.Compute/imageSKU","equals":"Pre-Req-AX7-Onebox-U8"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"microsoft-ads"},{"field":"Microsoft.Compute/imageOffer","equals":"windows-data-science-vm"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"MicrosoftWindowsDesktop"},{"field":"Microsoft.Compute/imageOffer","equals":"Windows-10"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","in":["RHEL","RHEL-SAP-HANA"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"SUSE"},{"field":"Microsoft.Compute/imageOffer","in":["SLES","SLES-HPC","SLES-HPC-Priority","SLES-SAP","SLES-SAP-BYOS","SLES-Priority","SLES-BYOS","SLES-SAPCAL","SLES-Standard"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["12-SP2"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","in":["14.04.0-LTS","14.04.1-LTS","14.04.5-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["16.04-LTS","16.04.0-LTS"]},{"field":"Microsoft.Compute/imageSKU","in":["18.04-LTS"]}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","in":["Centos","Centos-LVM","CentOS-SRIOV"]},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","like":"6.*"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"cloudera"},{"field":"Microsoft.Compute/imageOffer","equals":"cloudera-centos-os"},{"field":"Microsoft.Compute/imageSKU","like":"7*"}]}]}}]},"then":{"effect":"auditIfNotExists","details":{"type":"Microsoft.Compute/virtualMachineScaleSets/extensions","existenceCondition":{"field":"Microsoft.Compute/virtualMachineScaleSets/extensions/publisher","equals":"Microsoft.Azure.Monitoring.DependencyAgent"}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10","type":"Microsoft.Authorization/policyDefinitions","name":"e2dd799a-a932-4e9d-ac17-d473bc3c6c10"}'} + headers: + cache-control: [no-cache] + content-length: ['5390'] + content-type: [application/json; charset=utf-8] + date: ['Tue, 27 Nov 2018 04:27:38 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6698,8 +7182,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2018-03-01 @@ -6710,7 +7195,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:53 GMT'] + date: ['Tue, 27 Nov 2018 04:27:39 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6724,8 +7209,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e3576e28-8b17-4677-84c3-db2990658d64?api-version=2018-03-01 @@ -6740,7 +7226,7 @@ interactions: cache-control: [no-cache] content-length: ['1122'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:54 GMT'] + date: ['Tue, 27 Nov 2018 04:27:40 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6756,8 +7242,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2018-03-01 @@ -6768,7 +7255,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:54 GMT'] + date: ['Tue, 27 Nov 2018 04:27:42 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6782,8 +7269,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c?api-version=2018-03-01 @@ -6799,7 +7287,7 @@ interactions: cache-control: [no-cache] content-length: ['1049'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:55 GMT'] + date: ['Tue, 27 Nov 2018 04:27:42 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6815,8 +7303,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2018-03-01 @@ -6827,7 +7316,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:55 GMT'] + date: ['Tue, 27 Nov 2018 04:27:43 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6841,8 +7330,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988?api-version=2018-03-01 @@ -6856,7 +7346,7 @@ interactions: cache-control: [no-cache] content-length: ['908'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:55 GMT'] + date: ['Tue, 27 Nov 2018 04:27:44 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6872,8 +7362,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2018-03-01 @@ -6884,7 +7375,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:56 GMT'] + date: ['Tue, 27 Nov 2018 04:27:45 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6898,8 +7389,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ebb62a0c-3560-49e1-89ed-27e074e9f8ad?api-version=2018-03-01 @@ -6914,7 +7406,7 @@ interactions: cache-control: [no-cache] content-length: ['1137'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:56 GMT'] + date: ['Tue, 27 Nov 2018 04:27:47 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6930,8 +7422,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2018-03-01 @@ -6942,7 +7435,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:56 GMT'] + date: ['Tue, 27 Nov 2018 04:27:48 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6956,8 +7449,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592?api-version=2018-03-01 @@ -6968,14 +7462,14 @@ interactions: Microsoft Azure Managed Service Identity, and required content to check settings inside the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies remote connections from accounts - with empty passwords is disabled.","metadata":{"category":"Guest Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + with empty passwords is disabled.","metadata":{"category":"Guest Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid110","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid110"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/ec49586f-4939-402d-a29e-6ff502b20592","type":"Microsoft.Authorization/policyDefinitions","name":"ec49586f-4939-402d-a29e-6ff502b20592"}'} headers: cache-control: [no-cache] - content-length: ['3848'] + content-length: ['3901'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:56 GMT'] + date: ['Tue, 27 Nov 2018 04:27:50 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -6991,8 +7485,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2018-03-01 @@ -7003,7 +7498,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:57 GMT'] + date: ['Tue, 27 Nov 2018 04:27:51 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7017,8 +7512,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9?api-version=2018-03-01 @@ -7030,14 +7526,14 @@ interactions: the virtual machine. For Linux servers this includes Chef Inspec, Ruby, and Python. This security setting verifies /etc/passwd file permissions are set to 0644 to prevent unauthorized changes that could allow access to the server.","metadata":{"category":"Guest - Configuration"},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), + Configuration","requiredProviders":["Microsoft.GuestConfiguration"]},"policyRule":{"if":{"allOf":[{"field":"type","equals":"Microsoft.Compute/virtualMachines"},{"anyOf":[{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Canonical"},{"field":"Microsoft.Compute/imageOffer","equals":"UbuntuServer"},{"anyOf":[{"field":"Microsoft.Compute/imageSKU","match":"14.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"16.04.#-LTS"},{"field":"Microsoft.Compute/imageSKU","equals":"16.04-LTS"},{"field":"Microsoft.Compute/imageSKU","match":"18.04-LTS"}]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"Suse"},{"field":"Microsoft.Compute/imageOffer","equals":"SLES"},{"field":"Microsoft.Compute/imageSKU","equals":"12-SP3"}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"RedHat"},{"field":"Microsoft.Compute/imageOffer","equals":"RHEL"},{"field":"Microsoft.Compute/imageSKU","in":["7-RAW","7.4"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"credativ"},{"field":"Microsoft.Compute/imageOffer","equals":"Debian"},{"field":"Microsoft.Compute/imageSKU","in":["9","8"]}]},{"allOf":[{"field":"Microsoft.Compute/imagePublisher","equals":"OpenLogic"},{"field":"Microsoft.Compute/imageOffer","equals":"CentOS"},{"field":"Microsoft.Compute/imageSKU","in":["7.5","7.4","7.3"]}]}]}]},"then":{"effect":"deployIfNotExists","details":{"type":"Microsoft.GuestConfiguration/guestConfigurationAssignments","roleDefinitionIds":["/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],"name":"PasswordPolicy_msid121","deployment":{"properties":{"mode":"incremental","parameters":{"vmName":{"value":"[field(''name'')]"},"location":{"value":"[field(''location'')]"},"configurationName":{"value":"PasswordPolicy_msid121"}},"template":{"$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#","contentVersion":"1.0.0.0","parameters":{"vmName":{"type":"string"},"location":{"type":"string"},"configurationName":{"type":"string"}},"resources":[{"apiVersion":"2018-06-30-preview","type":"Microsoft.Compute/virtualMachines/providers/guestConfigurationAssignments","name":"[concat(parameters(''vmName''), ''/Microsoft.GuestConfiguration/'', parameters(''configurationName''))]","location":"[parameters(''location'')]","properties":{"guestConfiguration":{"name":"[parameters(''configurationName'')]","version":"1.*"}}},{"apiVersion":"2017-03-30","type":"Microsoft.Compute/virtualMachines","identity":{"type":"SystemAssigned"},"name":"[parameters(''vmName'')]","location":"[parameters(''location'')]"},{"apiVersion":"2015-05-01-preview","name":"[concat(parameters(''vmName''), ''/AzurePolicyforLinux'')]","type":"Microsoft.Compute/virtualMachines/extensions","location":"[parameters(''location'')]","properties":{"publisher":"Microsoft.GuestConfiguration","type":"ConfigurationforLinux","typeHandlerVersion":"1.0","autoUpgradeMinorVersion":true},"dependsOn":["[concat(''Microsoft.Compute/virtualMachines/'',parameters(''vmName''),''/providers/Microsoft.GuestConfiguration/guestConfigurationAssignments/'',parameters(''configurationName''))]"]}]}}}}}}},"id":"/providers/Microsoft.Authorization/policyDefinitions/f19aa1c1-6b91-4c27-ae6a-970279f03db9","type":"Microsoft.Authorization/policyDefinitions","name":"f19aa1c1-6b91-4c27-ae6a-970279f03db9"}'} headers: cache-control: [no-cache] - content-length: ['3858'] + content-length: ['3911'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:58 GMT'] + date: ['Tue, 27 Nov 2018 04:27:52 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7053,8 +7549,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2018-03-01 @@ -7065,7 +7562,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:58 GMT'] + date: ['Tue, 27 Nov 2018 04:27:53 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7079,8 +7576,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f47b5582-33ec-4c5c-87c0-b010a6b2e917?api-version=2018-03-01 @@ -7096,7 +7594,7 @@ interactions: cache-control: [no-cache] content-length: ['1136'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:58 GMT'] + date: ['Tue, 27 Nov 2018 04:27:54 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7112,8 +7610,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2018-03-01 @@ -7124,7 +7623,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:59 GMT'] + date: ['Tue, 27 Nov 2018 04:27:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7138,8 +7637,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4826e5f-6a27-407c-ae3e-9582eb39891d?api-version=2018-03-01 @@ -7153,7 +7653,7 @@ interactions: cache-control: [no-cache] content-length: ['902'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:39:59 GMT'] + date: ['Tue, 27 Nov 2018 04:27:56 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7169,8 +7669,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2018-03-01 @@ -7181,7 +7682,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:00 GMT'] + date: ['Tue, 27 Nov 2018 04:27:58 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7195,8 +7696,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f48b2913-1dc5-4834-8c72-ccc1dfd819bb?api-version=2018-03-01 @@ -7210,7 +7712,7 @@ interactions: cache-control: [no-cache] content-length: ['1387'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:00 GMT'] + date: ['Tue, 27 Nov 2018 04:27:59 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7226,8 +7728,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2018-03-01 @@ -7238,7 +7741,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:01 GMT'] + date: ['Tue, 27 Nov 2018 04:28:00 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7252,8 +7755,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f4c68484-132f-41f9-9b6d-3e4b1cb55036?api-version=2018-03-01 @@ -7278,7 +7782,7 @@ interactions: cache-control: [no-cache] content-length: ['4046'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:01 GMT'] + date: ['Tue, 27 Nov 2018 04:28:01 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7294,8 +7798,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2018-03-01 @@ -7306,7 +7811,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:01 GMT'] + date: ['Tue, 27 Nov 2018 04:28:04 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7320,8 +7825,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8456c1c-aa66-4dfb-861a-25d127b775c9?api-version=2018-03-01 @@ -7335,7 +7841,7 @@ interactions: cache-control: [no-cache] content-length: ['1096'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:02 GMT'] + date: ['Tue, 27 Nov 2018 04:28:05 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7351,8 +7857,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2018-03-01 @@ -7363,7 +7870,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:02 GMT'] + date: ['Tue, 27 Nov 2018 04:28:09 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7377,8 +7884,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45?api-version=2018-03-01 @@ -7395,7 +7903,7 @@ interactions: cache-control: [no-cache] content-length: ['1401'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:02 GMT'] + date: ['Tue, 27 Nov 2018 04:28:11 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7411,8 +7919,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2018-03-01 @@ -7423,7 +7932,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:03 GMT'] + date: ['Tue, 27 Nov 2018 04:28:14 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7437,8 +7946,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46?api-version=2018-03-01 @@ -7455,7 +7965,7 @@ interactions: cache-control: [no-cache] content-length: ['1425'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:03 GMT'] + date: ['Tue, 27 Nov 2018 04:28:16 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7471,8 +7981,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2018-03-01 @@ -7483,7 +7994,7 @@ interactions: cache-control: [no-cache] content-length: ['138'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:04 GMT'] + date: ['Tue, 27 Nov 2018 04:28:17 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] @@ -7497,8 +8008,9 @@ interactions: CommandName: [policy definition show] Connection: [keep-alive] Content-Type: [application/json; charset=utf-8] - User-Agent: [python/3.6.6 (Windows-10-10.0.17134-SP0) requests/2.19.1 msrest/0.5.5 - msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.48] + ParameterSetName: [-n] + User-Agent: [python/3.5.4 (Windows-10-10.0.17763-SP0) requests/2.20.1 msrest/0.5.4 + msrest_azure/0.4.34 policyclient/2.0.0 Azure-SDK-For-Python AZURECLI/2.0.52] accept-language: [en-US] method: GET uri: https://management.azure.com/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc?api-version=2018-03-01 @@ -7512,7 +8024,7 @@ interactions: cache-control: [no-cache] content-length: ['1119'] content-type: [application/json; charset=utf-8] - date: ['Mon, 22 Oct 2018 19:40:04 GMT'] + date: ['Tue, 27 Nov 2018 04:28:19 GMT'] expires: ['-1'] pragma: [no-cache] strict-transport-security: [max-age=31536000; includeSubDomains] diff --git a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/test_resource.py b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/test_resource.py index 6be861805ed..bf263298714 100644 --- a/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/test_resource.py +++ b/src/command_modules/azure-cli-resource/azure/cli/command_modules/resource/tests/latest/test_resource.py @@ -6,10 +6,12 @@ import json import os import time +import mock import unittest +from azure_devtools.scenario_tests.const import MOCKED_SUBSCRIPTION_ID from azure_devtools.scenario_tests import AllowLargeResponse -from azure.cli.testsdk import ScenarioTest, LiveScenarioTest, ResourceGroupPreparer, create_random_name, live_only +from azure.cli.testsdk import ScenarioTest, LiveScenarioTest, ResourceGroupPreparer, create_random_name, live_only, record_only from azure.cli.core.util import get_file_json @@ -549,7 +551,7 @@ def test_feature_list(self): self.cmd('feature show --namespace Microsoft.Network -n AllowLBPreview') -class PolicyScenarioTest(LiveScenarioTest): +class PolicyScenarioTest(ScenarioTest): def cmdstring(self, basic, management_group=None, subscription=None): cmd = basic @@ -769,36 +771,63 @@ def resource_policyset_operations(self, resource_group, management_group=None, s self.cmd(cmd, checks=self.check("length([?name=='{pn}'])", 0)) @ResourceGroupPreparer(name_prefix='cli_test_policy') - @AllowLargeResponse() + @AllowLargeResponse(8192) def test_resource_policy_default(self, resource_group): self.resource_policy_operations(resource_group) @ResourceGroupPreparer(name_prefix='cli_test_policy_management_group') @AllowLargeResponse() def test_resource_policy_management_group(self, resource_group): - self.resource_policy_operations(resource_group, 'AzGovTest8') + management_group_name = self.create_random_name('cli-test-mgmt-group', 30) + self.cmd('account management-group create -n ' + management_group_name) + try: + self.resource_policy_operations(resource_group, management_group_name) + finally: + self.cmd('account management-group delete -n ' + management_group_name) + @record_only() @ResourceGroupPreparer(name_prefix='cli_test_policy_subscription_id') @AllowLargeResponse() def test_resource_policy_subscription_id(self, resource_group): - self.resource_policy_operations(resource_group, None, 'e8a0d3c2-c26a-4363-ba6b-f56ac74c5ae0') + # under playback, we mock it so the subscription id will be '00000000...' and it will match + # the same sanitized value in the recording + if not self.in_recording: + with mock.patch('azure.cli.command_modules.resource.custom._get_subscription_id_from_subscription', + return_value=MOCKED_SUBSCRIPTION_ID): + self.resource_policy_operations(resource_group, None, 'e8a0d3c2-c26a-4363-ba6b-f56ac74c5ae0') + else: + self.resource_policy_operations(resource_group, None, 'e8a0d3c2-c26a-4363-ba6b-f56ac74c5ae0') @ResourceGroupPreparer(name_prefix='cli_test_policyset') @AllowLargeResponse() def test_resource_policyset_default(self, resource_group): self.resource_policyset_operations(resource_group) + @unittest.skip('to investigate why playback fails') @ResourceGroupPreparer(name_prefix='cli_test_policyset_management_group') @AllowLargeResponse() def test_resource_policyset_management_group(self, resource_group): - self.resource_policyset_operations(resource_group, 'AzGovTest8') + management_group_name = self.create_random_name('cli-test-mgmt-group', 30) + self.cmd('account management-group create -n ' + management_group_name) + try: + self.resource_policyset_operations(resource_group, management_group_name) + finally: + self.cmd('account management-group delete -n ' + management_group_name) + @record_only() @ResourceGroupPreparer(name_prefix='cli_test_policyset_subscription_id') @AllowLargeResponse() def test_resource_policyset_subscription_id(self, resource_group): - self.resource_policyset_operations(resource_group, None, 'e8a0d3c2-c26a-4363-ba6b-f56ac74c5ae0') + # under playback, we mock it so the subscription id will be '00000000...' and it will match + # the same sanitized value in the recording + if not self.in_recording: + with mock.patch('azure.cli.command_modules.resource.custom._get_subscription_id_from_subscription', + return_value=MOCKED_SUBSCRIPTION_ID): + self.resource_policyset_operations(resource_group, None, 'e8a0d3c2-c26a-4363-ba6b-f56ac74c5ae0') + else: + self.resource_policyset_operations(resource_group, None, 'e8a0d3c2-c26a-4363-ba6b-f56ac74c5ae0') - @AllowLargeResponse() + @AllowLargeResponse(8192) def test_show_built_in_policy(self): # get the list of builtins, then retrieve each via show and validate the results match results = self.cmd('policy definition list --query "[?policyType==\'BuiltIn\']"').get_output_in_json()