Skip to content

Commit

Permalink
Built-in Policy Release 908282b2 (#1376)
Browse files Browse the repository at this point in the history 
Co-authored-by: Azure Policy Bot <azgovpolicy@microsoft.com>
  • Loading branch information
@gokmen-msft
gokmen-msft and Azure Policy Bot authored Sep 3, 2024
1 parent 76dc6a3 commit 2abf29f
Show file tree
Hide file tree
Showing 60 changed files with 298 additions and 1,309 deletions.
8 changes: 5 additions & 3 deletions ...icies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Linux_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Linux Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations are updated over time as support is increased.",
"metadata": {
"version": "2.1.0",
"version": "2.1.1",
"category": "Monitoring"
},
"version": "2.1.0",
"version": "2.1.1",
"parameters": {
"effect": {
"type": "String",
Expand All @@ -27,7 +27,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -157,6 +158,7 @@
}
},
"versions": [
"2.1.1",
"2.1.0",
"2.0.0"
]
Expand Down
8 changes: 5 additions & 3 deletions ...ies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Windows_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Windows Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations are updated over time as support is increased.",
"metadata": {
"version": "2.1.0",
"version": "2.1.1",
"category": "Monitoring"
},
"version": "2.1.0",
"version": "2.1.1",
"parameters": {
"effect": {
"type": "String",
Expand All @@ -27,7 +27,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -157,6 +158,7 @@
}
},
"versions": [
"2.1.1",
"2.1.0",
"2.0.0"
]
Expand Down
8 changes: 5 additions & 3 deletions ...-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Linux_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.",
"metadata": {
"version": "2.1.0",
"version": "2.1.1",
"category": "Monitoring"
},
"version": "2.1.0",
"version": "2.1.1",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -47,7 +47,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -656,6 +657,7 @@
}
},
"versions": [
"2.1.1",
"2.1.0",
"2.0.0"
]
Expand Down
8 changes: 5 additions & 3 deletions ...cies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Linux_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Linux virtual machine scale sets to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.",
"metadata": {
"version": "2.1.0",
"version": "2.1.1",
"category": "Monitoring"
},
"version": "2.1.0",
"version": "2.1.1",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -47,7 +47,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -562,6 +563,7 @@
}
},
"versions": [
"2.1.1",
"2.1.0",
"2.0.0"
]
Expand Down
8 changes: 5 additions & 3 deletions ...es/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Windows_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Windows virtual machine scale sets to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.",
"metadata": {
"version": "2.4.0",
"version": "2.4.1",
"category": "Monitoring"
},
"version": "2.4.0",
"version": "2.4.1",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -47,7 +47,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -357,6 +358,7 @@
}
},
"versions": [
"2.4.1",
"2.4.0",
"2.3.0",
"2.2.0"
Expand Down
8 changes: 5 additions & 3 deletions ...licies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Linux_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Linux virtual machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.",
"metadata": {
"version": "2.1.0",
"version": "2.1.1",
"category": "Monitoring"
},
"version": "2.1.0",
"version": "2.1.1",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -47,7 +47,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -562,6 +563,7 @@
}
},
"versions": [
"2.1.1",
"2.1.0",
"2.0.0"
]
Expand Down
8 changes: 5 additions & 3 deletions ...cies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Windows_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Windows virtual machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.",
"metadata": {
"version": "2.4.0",
"version": "2.4.1",
"category": "Monitoring"
},
"version": "2.4.0",
"version": "2.4.1",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -47,7 +47,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -357,6 +358,7 @@
}
},
"versions": [
"2.4.1",
"2.4.0",
"2.3.0",
"2.2.0"
Expand Down
8 changes: 5 additions & 3 deletions ...olicies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Windows_DINE.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Deploy Association to link Windows virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.",
"metadata": {
"version": "2.2.0",
"version": "2.2.1",
"category": "Monitoring"
},
"version": "2.2.0",
"version": "2.2.1",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -47,7 +47,8 @@
"metadata": {
"displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id",
"description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.",
"portalReview": "true"
"portalReview": "true",
"assignPermissions": true
}
},
"resourceType": {
Expand Down Expand Up @@ -451,6 +452,7 @@
}
},
"versions": [
"2.2.1",
"2.2.0",
"2.1.0"
]
Expand Down
15 changes: 3 additions & 12 deletions built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@
"policyType": "BuiltIn",
"description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative",
"metadata": {
"version": "15.4.0",
"version": "15.5.0",
"category": "Regulatory Compliance"
},
"version": "15.4.0",
"version": "15.5.0",
"policyDefinitionGroups": [
{
"name": "CIS_Azure_1.1.0_1.1",
Expand Down Expand Up @@ -617,16 +617,6 @@
"CIS_Azure_1.1.0_2.4"
]
},
{
"policyDefinitionReferenceId": "CISv110x2x5CISv110x7x6",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
"definitionVersion": "3.*.*",
"parameters": {},
"groupNames": [
"CIS_Azure_1.1.0_2.5",
"CIS_Azure_1.1.0_7.6"
]
},
{
"policyDefinitionReferenceId": "CISv110x2x9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517",
Expand Down Expand Up @@ -1183,6 +1173,7 @@
}
],
"versions": [
"15.5.0",
"15.4.0",
"15.3.0",
"15.2.0"
Expand Down
23 changes: 6 additions & 17 deletions built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,10 @@
"policyType": "BuiltIn",
"description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative",
"metadata": {
"version": "7.6.0",
"version": "7.7.0",
"category": "Regulatory Compliance"
},
"version": "7.6.0",
"version": "7.7.0",
"policyDefinitionGroups": [
{
"name": "CIS_Azure_1.3.0_1.1",
Expand Down Expand Up @@ -1449,14 +1449,15 @@
},
"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": {
"type": "String",
"defaultValue": "AuditIfNotExists",
"defaultValue": "Disabled",
"allowedValues": [
"AuditIfNotExists",
"Disabled"
],
"metadata": {
"displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center",
"description": "For more information about effects, visit https://aka.ms/policyeffects"
"description": "For more information about effects, visit https://aka.ms/policyeffects",
"deprecated": true
}
},
"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": {
Expand Down Expand Up @@ -2680,19 +2681,6 @@
"CIS_Azure_1.3.0_7.5"
]
},
{
"policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
"definitionVersion": "3.*.*",
"parameters": {
"effect": {
"value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]"
}
},
"groupNames": [
"CIS_Azure_1.3.0_7.6"
]
},
{
"policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
Expand Down Expand Up @@ -2886,6 +2874,7 @@
}
],
"versions": [
"7.7.0",
"7.6.0",
"7.5.0",
"7.4.0"
Expand Down
Loading

0 comments on commit 2abf29f

Please sign in to comment.