From 5db8926271bba87a59bae501d5fc03baa99ab6f4 Mon Sep 17 00:00:00 2001
From: gokmen-msft <48890186+gokmen-msft@users.noreply.github.com>
Date: Wed, 29 May 2024 10:44:42 -0700
Subject: [PATCH] Built-in Policy Release cf19f7a6 (#1327)
Co-authored-by: Azure Policy Bot
---
 ...orkRulesNoAzureDatacenterAccess_Audit.json | 64 +
 ...ployDiagnosticLog_Deploy_LogAnalytics.json | 9 +-
 .../Monitoring/AzureMonitor_VMSS_AMA_new.json | 43 +-
 .../Monitoring/AzureMonitor_VM_AMA_new.json | 43 +-
 .../Regulatory Compliance/Spain_ENS.json | 15413 ++++++++++++++++
 5 files changed, 15566 insertions(+), 6 deletions(-)
 create mode 100644 built-in-policies/policyDefinitions/Cosmos DB/Cosmos_NetworkRulesNoAzureDatacenterAccess_Audit.json
 create mode 100644 built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json
diff --git a/built-in-policies/policyDefinitions/Cosmos DB/Cosmos_NetworkRulesNoAzureDatacenterAccess_Audit.json b/built-in-policies/policyDefinitions/Cosmos DB/Cosmos_NetworkRulesNoAzureDatacenterAccess_Audit.json
new file mode 100644
index 000000000..12d84b8ff
--- /dev/null
+++ b/built-in-policies/policyDefinitions/Cosmos DB/Cosmos_NetworkRulesNoAzureDatacenterAccess_Audit.json
@@ -0,0 +1,64 @@
+{
+ "properties": {
+ "displayName": "Azure Cosmos DB accounts should not allow traffic from all Azure data centers",
+ "policyType": "BuiltIn",
+ "mode": "Indexed",
+ "description": "Disallow the IP Firewall rule, '0.0.0.0', which allows for all traffic from any Azure data centers. Learn more at https://aka.ms/cosmosdb-firewall",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Cosmos DB"
+ },
+ "version": "1.0.0",
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Policy Effect",
+ "description": "The desired effect of the policy."
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.DocumentDB/databaseAccounts"
+ },
+ {
+ "anyOf": [
+ {
+ "count": {
+ "field": "Microsoft.DocumentDB/databaseAccounts/ipRules[*]",
+ "where": {
+ "field": "Microsoft.DocumentDB/databaseAccounts/ipRules[*].ipAddressOrRange",
+ "equals": "0.0.0.0"
+ }
+ },
+ "greaterOrEquals": 1
+ },
+ {
+ "field": "Microsoft.DocumentDB/databaseAccounts/ipRangeFilter",
+ "contains": "0.0.0.0"
+ }
+ ]
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "versions": [
+ "1.0.0"
+ ]
+ },
+ "id": "/providers/Microsoft.Authorization/policyDefinitions/12339a85-a25c-4f17-9f82-4766f13f5c4c",
+ "name": "12339a85-a25c-4f17-9f82-4766f13f5c4c"
+}
\ No newline at end of file
diff --git a/built-in-policies/policyDefinitions/Monitoring/Batch_DeployDiagnosticLog_Deploy_LogAnalytics.json b/built-in-policies/policyDefinitions/Monitoring/Batch_DeployDiagnosticLog_Deploy_LogAnalytics.json
index fbdf0890e..32ea1e394 100644
--- a/built-in-policies/policyDefinitions/Monitoring/Batch_DeployDiagnosticLog_Deploy_LogAnalytics.json
+++ b/built-in-policies/policyDefinitions/Monitoring/Batch_DeployDiagnosticLog_Deploy_LogAnalytics.json
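Review bot: In Cosmos_NetworkRulesNoAzureDatacenterAccess_Audit.json the two `anyOf` branches do not test the same thing: the `ipRules[*].ipAddressOrRange` branch uses `"equals": "0.0.0.0"`, while the `ipRangeFilter` branch uses `"contains": "0.0.0.0"`, which is a substring match over the whole filter string. An entry that merely ends in that text (a constructed example: `20.0.0.0/8`) would be flagged as well, and with the `Deny` effect selected that rejects a firewall configuration the policy is not meant to block. Evaluating each comma-separated entry on its own would close the gap, for instance a value `count` over `"[split(field('Microsoft.DocumentDB/databaseAccounts/ipRangeFilter'), ',')]"` with an `equals` test per entry, guarded for accounts where the filter is empty or absent. Strict JSON leaves no room for a comment, so if the substring match is intentional the `description` is the place to say that the legacy filter is matched loosely.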
@@ -5,10 +5,10 @@
 "mode": "Indexed",
 "description": "Deploys the diagnostic settings for Batch Account to stream to a regional Log Analytics workspace when any Batch Account which is missing this diagnostic settings is created or updated.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
 "category": "Monitoring"
 },
- "version": "1.0.0",
+ "version": "1.1.0",
 "parameters": {
 "effect": {
 "type": "string",
@@ -140,6 +140,10 @@
 {
 "category": "ServiceLog",
 "enabled": "[parameters('logsEnabled')]"
+ },
+ {
+ "category": "AuditLog",
+ "enabled": "[parameters('logsEnabled')]"
 }
 ]
 }
@@ -173,6 +177,7 @@
 }
 },
 "versions": [
+ "1.1.0",
 "1.0.0"
 ]
 },
diff --git a/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VMSS_AMA_new.json b/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VMSS_AMA_new.json
index 29b0eaa3a..e92d20c0e 100644
--- a/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VMSS_AMA_new.json
+++ b/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VMSS_AMA_new.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "Enable Azure Monitor for the virtual machines scale set (VMSS) with AMA.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
 "category": "Monitoring"
 },
- "version": "1.0.0",
+ "version": "1.1.0",
 "parameters": {
 "enableProcessesAndDependencies": {
 "type": "Boolean",
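Review bot: In Batch_DeployDiagnosticLog_Deploy_LogAnalytics.json the `AuditLog` category is added only to the deployed diagnostic-settings template (hunk at line 140); the policy's `existenceCondition` lies outside the hunk, so it is not visible whether compliance depends on which log categories are present. If the condition only checks that logs are enabled and which workspace is targeted, Batch accounts remediated under 1.0.0 remain compliant and never receive the audit category, leaving an audit-log gap that the compliance view does not surface. Either extend the existence condition to require the new category, or say so in `description`, e.g. append `Accounts configured by version 1.0.0 must be remediated again to collect AuditLog.`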
@@ -32,6 +32,26 @@
 true
 ]
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "type": "Boolean",
+ "metadata": {
+ "displayName": "Restrict Bring Your Own User-Assigned Identity to Subscription",
+ "description": "Enable this to enforce the user assigned identity must exist in the same subscription as the virtual machine. When true, must provide User-Assigned Managed Identity Name and User-Assigned Managed Identity Resource Group Name parameters. When false, the parameter User Assigned Managed Identity Resource Id will be used instead."
+ },
+ "allowedValues": [
+ true,
+ false
+ ],
+ "defaultValue": true
+ },
+ "userAssignedIdentityResourceId": {
+ "type": "String",
+ "metadata": {
+ "displayName": "User-Assigned Managed Identity Resource ID",
+ "description": "The resource ID of the pre-created user-assigned managed identity. This parameter is only used when the restrict Bring Your Own User-Assigned Identity To Subscription parameter is false."
+ },
+ "defaultValue": ""
+ },
 "userAssignedManagedIdentityName": {
 "type": "String",
 "metadata": {
@@ -106,6 +126,12 @@
 "bringYourOwnUserAssignedManagedIdentity": {
 "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "value": "[parameters('restrictBringYourOwnUserAssignedIdentityToSubscription')]"
+ },
+ "userAssignedIdentityResourceId": {
+ "value": "[parameters('userAssignedIdentityResourceId')]"
+ },
 "userAssignedIdentityName": {
 "value": "[parameters('userAssignedManagedIdentityName')]"
 },
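Review bot: In AzureMonitor_VMSS_AMA_new.json `userAssignedIdentityResourceId` is declared with `"defaultValue": ""`, and nothing in the hunk at line 32 ties it to `restrictBringYourOwnUserAssignedIdentityToSubscription`, so an assignment that sets the restriction to false and leaves the ID empty is accepted and passes an empty identity to the member policies; whether those definitions reject it is outside this diff. The description should state the requirement, e.g. `Required (non-empty) when Restrict Bring Your Own User-Assigned Identity to Subscription is false; must be the full resource ID of an identity the assigning team controls.` Turning the restriction off lets machines authenticate with an identity that lives in another subscription, so the Boolean's description is also the place to say that this widens the trust boundary and should be a deliberate choice. The same applies to the identical hunk at line 32 of AzureMonitor_VM_AMA_new.json.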
@@ -128,6 +154,12 @@
 "bringYourOwnUserAssignedManagedIdentity": {
 "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "value": "[parameters('restrictBringYourOwnUserAssignedIdentityToSubscription')]"
+ },
+ "userAssignedIdentityResourceId": {
+ "value": "[parameters('userAssignedIdentityResourceId')]"
+ },
 "userAssignedManagedIdentityName": {
 "value": "[parameters('userAssignedManagedIdentityName')]"
 },
@@ -153,6 +185,12 @@
 "bringYourOwnUserAssignedManagedIdentity": {
 "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "value": "[parameters('restrictBringYourOwnUserAssignedIdentityToSubscription')]"
+ },
+ "userAssignedIdentityResourceId": {
+ "value": "[parameters('userAssignedIdentityResourceId')]"
+ },
 "userAssignedManagedIdentityName": {
 "value": "[parameters('userAssignedManagedIdentityName')]"
 },
@@ -227,6 +265,7 @@
 }
 ],
 "versions": [
+ "1.1.0",
 "1.0.0"
 ]
 },
diff --git a/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VM_AMA_new.json b/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VM_AMA_new.json
index 6f7e85af5..7c76a9868 100644
--- a/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VM_AMA_new.json
+++ b/built-in-policies/policySetDefinitions/Monitoring/AzureMonitor_VM_AMA_new.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "Enable Azure Monitor for the virtual machines (VMs) with AMA.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
 "category": "Monitoring"
 },
- "version": "1.0.0",
+ "version": "1.1.0",
 "parameters": {
 "enableProcessesAndDependencies": {
 "type": "Boolean",
@@ -32,6 +32,26 @@
 true
 ]
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "type": "Boolean",
+ "metadata": {
+ "displayName": "Restrict Bring Your Own User-Assigned Identity to Subscription",
+ "description": "Enable this to enforce the user assigned identity must exist in the same subscription as the virtual machine. When true, must provide User-Assigned Managed Identity Name and User-Assigned Managed Identity Resource Group Name parameters. When false, the parameter User Assigned Managed Identity Resource Id will be used instead."
+ },
+ "allowedValues": [
+ true,
+ false
+ ],
+ "defaultValue": true
+ },
+ "userAssignedIdentityResourceId": {
+ "type": "String",
+ "metadata": {
+ "displayName": "User-Assigned Managed Identity Resource ID",
+ "description": "The resource ID of the pre-created user-assigned managed identity. This parameter is only used when the restrict Bring Your Own User-Assigned Identity To Subscription parameter is false."
+ },
+ "defaultValue": ""
+ },
 "userAssignedManagedIdentityName": {
 "type": "String",
 "metadata": {
@@ -106,6 +126,12 @@
 "bringYourOwnUserAssignedManagedIdentity": {
 "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "value": "[parameters('restrictBringYourOwnUserAssignedIdentityToSubscription')]"
+ },
+ "userAssignedIdentityResourceId": {
+ "value": "[parameters('userAssignedIdentityResourceId')]"
+ },
 "userAssignedIdentityName": {
 "value": "[parameters('userAssignedManagedIdentityName')]"
 },
@@ -128,6 +154,12 @@
 "bringYourOwnUserAssignedManagedIdentity": {
 "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "value": "[parameters('restrictBringYourOwnUserAssignedIdentityToSubscription')]"
+ },
+ "userAssignedIdentityResourceId": {
+ "value": "[parameters('userAssignedIdentityResourceId')]"
+ },
 "userAssignedManagedIdentityName": {
 "value": "[parameters('userAssignedManagedIdentityName')]"
 },
@@ -153,6 +185,12 @@
 "bringYourOwnUserAssignedManagedIdentity": {
 "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]"
 },
+ "restrictBringYourOwnUserAssignedIdentityToSubscription": {
+ "value": "[parameters('restrictBringYourOwnUserAssignedIdentityToSubscription')]"
+ },
+ "userAssignedIdentityResourceId": {
+ "value": "[parameters('userAssignedIdentityResourceId')]"
+ },
 "userAssignedManagedIdentityName": {
 "value": "[parameters('userAssignedManagedIdentityName')]"
 },
@@ -227,6 +265,7 @@
 }
 ],
 "versions": [
+ "1.1.0",
 "1.0.0"
 ]
 },
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json
new file mode 100644
index 000000000..13278bcdf
--- /dev/null
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json
@@ -0,0 +1,15413 @@ +{ + "properties": { + "displayName": "Spain ENS", + "policyType": "BuiltIn", + "description": "This initiative includes policies that address National Security Scheme (ENS) controls specifically for the 'CCN-STIC 884'. This policy set includes definitions that have a Deny effect by default.", + "metadata": { + "version": "1.0.0", + "category": "Regulatory Compliance" + }, + "version": "1.0.0", + "policyDefinitionGroups": [ + { + "name": "org.1 Security policy", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_org.1" + }, + { + "name": "org.2 Security regulations", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_org.2" + }, + { + "name": "org.3 Security procedures", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_org.3" + }, + { + "name": "org.4 Authorization process", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_org.4" + }, + { + "name": "op.pl.1 Risk analysis", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.pl.1" + }, + { + "name": "op.pl.2 Security Architecture", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.pl.2" + }, + { + "name": "op.pl.3 Acquisition of new components", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.pl.3" + }, + { + "name": "op.pl.4 Sizing and capacity management", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.pl.4" + }, + { + "name": "op.pl.5 Certified components", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.pl.5" + }, + { + "name": "op.acc.1 Identification", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.acc.1" + }, + { + "name": "op.acc.2 Access requirements", + "additionalMetadataId": 
"/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.acc.2" + }, + { + "name": "op.acc.3 Segregation of functions and tasks", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.acc.3" + }, + { + "name": "op.acc.4 Access rights management process", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.acc.4" + }, + { + "name": "op.acc.5 Authentication mechanism (external users)", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.acc.5" + }, + { + "name": "op.acc.6 Authentication mechanism (organization users)", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.acc.6" + }, + { + "name": "op.exp.1 Asset inventory", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.1" + }, + { + "name": "op.exp.2 Security configuration", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.2" + }, + { + "name": "op.exp.3 Security configuration management", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.3" + }, + { + "name": "op.exp.4 Security maintenance and updates", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.4" + }, + { + "name": "op.exp.5 Change management", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.5" + }, + { + "name": "op.exp.6 Protection against harmful code", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.6" + }, + { + "name": "op.exp.7 Incident management", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.7" + }, + { + "name": "op.exp.8 Recording of the activity", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.8" + }, + { + "name": "op.exp.9 Incident management record", + 
"additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.9" + }, + { + "name": "op.exp.10 Cryptographic key protection", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.exp.10" + }, + { + "name": "op.ext.1 Contracting and service level agreements", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.ext.1" + }, + { + "name": "op.ext.2 Daily management", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.ext.2" + }, + { + "name": "op.ext.3 Protection of supply chain", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.ext.3" + }, + { + "name": "op.ext.4 Interconnection of systems", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.ext.4" + }, + { + "name": "op.nub.1 Cloud service protection", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.nub.1" + }, + { + "name": "op.cont.1 Impact analysis", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.cont.1" + }, + { + "name": "op.cont.2 Continuity plan", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.cont.2" + }, + { + "name": "op.cont.3 Periodic tests", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.cont.3" + }, + { + "name": "op.cont.4 Alternative means", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.cont.4" + }, + { + "name": "op.mon.1 Intrusion detection", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.mon.1" + }, + { + "name": "op.mon.2 Metrics system", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.mon.2" + }, + { + "name": "op.mon.3 Monitoring", + "additionalMetadataId": 
"/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_op.mon.3" + }, + { + "name": "mp.if.1 Separate areas with access control", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.if.1" + }, + { + "name": "mp.if.2 Identification of persons", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.if.2" + }, + { + "name": "mp.if.3 Fitting-out of premises", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.if.3" + }, + { + "name": "mp.if.4 Electrical energy", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.if.4" + }, + { + "name": "mp.if.5 Fire protection", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.if.5" + }, + { + "name": "mp.if.6 Flood protection", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.if.6" + }, + { + "name": "mp.if.7 Recording of entries and exits of equipment", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.if.7" + }, + { + "name": "mp.per.1 Job characterization", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.per.1" + }, + { + "name": "mp.per.2 Duties and obligations", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.per.2" + }, + { + "name": "mp.per.3 Awareness", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.per.3" + }, + { + "name": "mp.per.4 Training", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.per.4" + }, + { + "name": "mp.eq.1 Clear desk", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.eq.1" + }, + { + "name": "mp.eq.2 User session lockout", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.eq.2" + }, + { + "name": "mp.eq.3 
Protection of portable devices", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.eq.3" + }, + { + "name": "mp.eq.4 Other devices connected to the network", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.eq.4" + }, + { + "name": "mp.com.1 Secure perimeter", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.com.1" + }, + { + "name": "mp.com.2 Protection of confidentiality", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.com.2" + }, + { + "name": "mp.com.3 Protection of integrity and authenticity", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.com.3" + }, + { + "name": "mp.com.4 Separation of information flows on the network", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.com.4" + }, + { + "name": "mp.si.1 Marking", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.si.1" + }, + { + "name": "mp.si.2 Cryptography", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.si.2" + }, + { + "name": "mp.si.3 Custody", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.si.3" + }, + { + "name": "mp.si.4 Transport", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.si.4" + }, + { + "name": "mp.si.5 Erasure and destruction", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.si.5" + }, + { + "name": "mp.sw.1 IT Aplications development", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.sw.1" + }, + { + "name": "mp.sw.2 Acceptance and commissioning", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.sw.2" + }, + { + "name": "mp.info.1 Personal data", + "additionalMetadataId": 
"/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.info.1" + }, + { + "name": "mp.info.2 Rating of information", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.info.2" + }, + { + "name": "mp.info.3 Electronic signature", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.info.3" + }, + { + "name": "mp.info.4 Time stamps", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.info.4" + }, + { + "name": "mp.info.5 Clean-up of documents", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.info.5" + }, + { + "name": "mp.info.6 Backups", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.info.6" + }, + { + "name": "mp.s.1 E-mail protection", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.s.1" + }, + { + "name": "mp.s.2 Protection of web services and applications", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.s.2" + }, + { + "name": "mp.s.3 Protection of web browsing", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.s.3" + }, + { + "name": "mp.s.4 Protection against denial of service", + "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/ENS_v1_mp.s.4" + } + ], + "parameters": { + "effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Self-attest or disable the execution of the policy", + "description": "Self-attest or disable the execution of the policy" + }, + "allowedValues": [ + "Manual", + "Disabled" + ], + "defaultValue": "Manual" + }, + "effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Audit if not exists or disable the execution of the policy", + "description": "Audit if not exists or disable 
the execution of the policy" + }, + "allowedValues": [ + "AuditIfNotExists", + "Disabled" + ], + "defaultValue": "AuditIfNotExists" + }, + "effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Deploy if not exists or disable the execution of the policy", + "description": "Deploy if not exists or disable the execution of the policy" + }, + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ], + "defaultValue": "DeployIfNotExists" + }, + "effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Audit or disable the execution of the policy", + "description": "Audit or disable the execution of the policy" + }, + "allowedValues": [ + "Audit", + "Disabled" + ], + "defaultValue": "Audit" + }, + "effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Audit, deny or disable the execution of the policy", + "description": "Audit, deny or disable the execution of the policy" + }, + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ], + "defaultValue": "Audit" + }, + "effect-EnableRelatedResourceAuditingOrExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Audit if not exists, deploy if not exists or disable the execution of the policy.", + "description": "Audit if not exists, deploy if not exists or disable the execution of the policy." 
+ }, + "allowedValues": [ + "AuditIfNotExists", + "DeployIfNotExists", + "Disabled" + ], + "defaultValue": "DeployIfNotExists" + }, + "effect-DenyResourceRequestByDefaultOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Deny or disable the execution of the policy", + "description": "Deny or disable the execution of the policy" + }, + "allowedValues": [ + "Deny", + "Disabled" + ], + "defaultValue": "Deny" + }, + "effect-AuditNonCompliantResourcesByDefaultOrOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Enable or disable the execution of the policy", + "description": "Enable or disable the execution of the policy" + }, + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ], + "defaultValue": "Audit" + }, + "effect-ModifySubscriptionOrResourceByDefaultOrDisablePolicyOrDenyResourceRequest": { + "type": "String", + "metadata": { + "displayName": "Enable or disable the execution of the policy", + "description": "Enable or disable the execution of the policy" + }, + "allowedValues": [ + "Modify", + "Disabled" + ], + "defaultValue": "Modify" + }, + "effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrEnableRelatedResourceAuditingOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Enable or disable the execution of the policy", + "description": "Enable or disable the execution of the policy" + }, + "allowedValues": [ + "DeployIfNotExists", + "AuditIfNotExists", + "Disabled" + ], + "defaultValue": "DeployIfNotExists" + }, + "effect-EnableRelatedResourceAuditingByDefaultOrExecutesTemplateDeploymentFromAConditionOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Enable or disable the execution of the policy", + "description": "Enable or disable the execution of the policy" + }, + "allowedValues": [ + "AuditIfNotExists", + "DeployIfNotExists", + "Disabled" + ], + "defaultValue": "AuditIfNotExists" + }, + 
"effect-ModifySubscriptionOrResourceByDefaultOrAuditNonCompliantResourcesOrDisablePolicy": { + "type": "String", + "metadata": { + "displayName": "Enable or disable the execution of the policy", + "description": "Enable or disable the execution of the policy" + }, + "allowedValues": [ + "Modify", + "Audit", + "Disabled" + ], + "defaultValue": "Modify" + }, + "IncludeArcMachines-AllowedValuesMustBeInLowerCase": { + "type": "string", + "metadata": { + "displayName": "Include Arc connected servers for Guest Configuration policies", + "description": "Optionally choose to audit settings inside Arc connected servers using Guest Configuration policies. By selecting this option, you agree to be charged monthly per Arc connected machine." + }, + "allowedValues": [ + "true", + "false" + ], + "defaultValue": "false" + }, + "IncludeArcMachines-AllowedValuesMustBeInUpperCase": { + "type": "string", + "metadata": { + "displayName": "Include Arc connected servers", + "description": "By selecting this option, you agree to be charged monthly per Arc connected machine." 
+ }, + "allowedValues": [ + "True", + "False" + ], + "defaultValue": "False" + }, + "MinimumPasswordAge": { + "type": "String", + "metadata": { + "displayName": "Minimum password age", + "description": "The Minimum password age setting determines the period of time (in days) that a password must be used before the user can change it.", + "portalReview": "true" + }, + "defaultValue": "1" + }, + "MaximumPasswordAge": { + "type": "String", + "metadata": { + "displayName": "Maximum password age", + "description": "The Maximum password age setting determines the period of time (in days) that a password can be used before the system requires the user to change it.", + "portalReview": "true" + }, + "defaultValue": "70" + }, + "EnforcePasswordHistory": { + "type": "String", + "metadata": { + "displayName": "Enforce password history", + "description": "The Enforce password history setting determines the number of unique new passwords that must be associated with a user account before an old password can be reused.", + "portalReview": "true" + }, + "defaultValue": "24" + }, + "MinimumPasswordLength": { + "type": "String", + "metadata": { + "displayName": "Minimum password length", + "description": "The Minimum password length setting determines the least number of characters that can make up a password for a user account.", + "portalReview": "true" + }, + "defaultValue": "14" + }, + "listOfApplicableLocations": { + "type": "Array", + "metadata": { + "displayName": "Applicable Locations", + "description": "The list of locations where the policy should be applied.", + "strongType": "location" + }, + "allowedValues": [ + "australiasoutheast", + "australiaeast", + "brazilsouth", + "canadacentral", + "centralindia", + "centralus", + "eastasia", + "eastus2euap", + "eastus", + "eastus2", + "francecentral", + "japaneast", + "koreacentral", + "northcentralus", + "northeurope", + "norwayeast", + "southcentralus", + "southeastasia", + "switzerlandnorth", + "uaenorth", + "uksouth", + 
"westcentralus", + "westeurope", + "westus", + "westus2" + ], + "defaultValue": [ + "australiasoutheast", + "australiaeast", + "brazilsouth", + "canadacentral", + "centralindia", + "centralus", + "eastasia", + "eastus2euap", + "eastus", + "eastus2", + "francecentral", + "japaneast", + "koreacentral", + "northcentralus", + "northeurope", + "norwayeast", + "southcentralus", + "southeastasia", + "switzerlandnorth", + "uaenorth", + "uksouth", + "westcentralus", + "westeurope", + "westus", + "westus2" + ] + }, + "dcrResourceId": { + "type": "String", + "metadata": { + "displayName": "Data Collection Rule Resource Id", + "description": "Resource Id of the Data Collection Rule to be applied on the Linux Arc machines in scope." + } + }, + "bringYourOwnUserAssignedManagedIdentity": { + "type": "Boolean", + "metadata": { + "displayName": "Bring Your Own User-Assigned Managed Identity", + "description": "If set to true, Azure Monitor Agent will use the user-assigned managed identity specified via the 'User-Assigned Managed Identity ...' parameters for authentication. Otherwise, Azure Monitor Agent will use the user-assigned managed identity /subscriptions//resourceGroups/built-in-identity-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/built-in-identity- for authentication." + }, + "allowedValues": [ + false, + true + ] + }, + "userAssignedManagedIdentityName": { + "type": "String", + "metadata": { + "displayName": "User-Assigned Managed Identity Name", + "description": "The name of the user-assigned managed identity which Azure Monitor Agent will use for authentication when 'Bring Your Own User-Assigned Managed Identity' is set to true." 
+ }, + "defaultValue": "" + }, + "userAssignedManagedIdentityResourceGroup": { + "type": "String", + "metadata": { + "displayName": "User-Assigned Managed Identity Resource Group", + "description": "The resource group of the user-assigned managed identity which Azure Monitor Agent will use for authentication when 'Bring Your Own User-Assigned Managed Identity' is set to true." + }, + "defaultValue": "" + }, + "vaType": { + "type": "String", + "metadata": { + "displayName": "Vulnerability assessment provider type", + "description": "Select the vulnerability assessment solution to provision to machines." + }, + "allowedValues": [ + "default", + "mdeTvm" + ], + "defaultValue": "default" + }, + "selectedProvider": { + "type": "String", + "metadata": { + "displayName": "Slected Vulnerability Assessment provider", + "description": "Select the vulnerability assessment solution to provision to machines." + }, + "allowedValues": [ + "MdeTvm" + ], + "defaultValue": "MdeTvm" + }, + "effects": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "The effect determines what happens when the policy rule is evaluated to match." + }, + "allowedValues": [ + "Audit", + "Disabled" + ], + "defaultValue": "Audit" + }, + "vaultLocation": { + "type": "String", + "metadata": { + "displayName": "Location (Specify the location of the VMs that you want to protect)", + "description": "Specify the location of the VMs that you want to protect. VMs should be backed up to a vault in the same location. For example - southeastasia.", + "strongType": "location" + } + }, + "backupPolicyId": { + "type": "String", + "metadata": { + "displayName": "Backup Policy (of type Azure VM from a vault in the location chosen above)", + "description": "Specify the id of the Azure backup policy to configure backup of the virtual machines. The selected Azure backup policy should be of type Azure virtual machine. 
This policy needs to be in a vault that is present in the location chosen above. For example - /subscriptions//resourceGroups//providers/Microsoft.RecoveryServices/vaults//backupPolicies/.", + "strongType": "Microsoft.RecoveryServices/vaults/backupPolicies" + } + }, + "exclusionTagName": { + "type": "String", + "metadata": { + "displayName": "Exclusion Tag Name", + "description": "Name of the tag to use for excluding VMs from the scope of this policy. This should be used along with the Exclusion Tag Value parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy." + }, + "defaultValue": "" + }, + "exclusionTagValue": { + "type": "Array", + "metadata": { + "displayName": "Exclusion Tag Values", + "description": "Value of the tag to use for excluding VMs from the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Exclusion Tag Name parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy." + }, + "defaultValue": [] + }, + "inclusionTagName": { + "type": "String", + "metadata": { + "displayName": "Inclusion Tag Name", + "description": "Name of the tag to use for including VMs in the scope of this policy. This should be used along with the Inclusion Tag Value parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy" + }, + "defaultValue": "" + }, + "inclusionTagValue": { + "type": "Array", + "metadata": { + "displayName": "Inclusion Tag Values", + "description": "Value of the tag to use for including VMs in the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Inclusion Tag Name parameter. Learn more at https://aka.ms/AppCentricVMBackupPolicy." 
+ } + }, + "WindowsPythonLatestVersion": { + "type": "String", + "metadata": { + "displayName": "[Deprecated]: Latest Windows Python version", + "description": "Latest supported Python version for App Services", + "deprecated": true + }, + "defaultValue": "3.6" + }, + "LinuxPythonLatestVersion": { + "type": "String", + "metadata": { + "displayName": "[Deprecated]: Linux Latest Python version", + "description": "Latest supported Python version for App Services", + "deprecated": true + }, + "defaultValue": "3.9" + }, + "LinuxPythonVersion": { + "type": "String", + "metadata": { + "displayName": "Linux Python version", + "description": "Specify a supported Python version for App Service" + }, + "defaultValue": "" + }, + "userWorkspaceResourceId": { + "type": "String", + "metadata": { + "displayName": "Workspace Resource Id", + "description": "Workspace resource Id of the Log Analytics workspace destination for the Data Collection Rule.", + "strongType": "omsWorkspace" + } + }, + "workspaceRegion": { + "type": "String", + "metadata": { + "displayName": "Workspace region", + "description": "Region of the Log Analytics workspace destination for the Data Collection Rule.", + "strongType": "location" + } + }, + "userWorkspaceId": { + "type": "String", + "metadata": { + "displayName": "Workspace Id", + "description": "Workspace Id of the Log Analytics workspace destination for the Data Collection Rule." + }, + "defaultValue": "" + }, + "enableCollectionOfSqlQueriesForSecurityResearch": { + "type": "Boolean", + "metadata": { + "displayName": "Enable collection of SQL queries for security research", + "description": "Enable or disable the collection of SQL queries for security research." + }, + "allowedValues": [ + true, + false + ], + "defaultValue": false + }, + "logAnalyticsWorkspaceResourceId": { + "type": "String", + "metadata": { + "displayName": "LogAnalyticsWorkspaceResourceId", + "description": "Optional Log Analytics workspace resource id. 
If provided, will be used as part of the feature configuration. Otherwise, default workspace will be provisioned. Value format should be '/subscriptions/XXX/resourcegroups/XXX/providers/Microsoft.OperationalInsights/workspaces/XXX'.", + "strongType": "Microsoft.OperationalInsights/workspaces", + "assignPermissions": true + }, + "defaultValue": "" + }, + "resourceGroupName": { + "type": "String", + "metadata": { + "displayName": "Resource group name", + "description": "The resource group name where the export to Event Hub configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Event Hub configured." + } + }, + "resourceGroupLocation": { + "type": "String", + "metadata": { + "displayName": "Resource group location", + "description": "The location where the resource group and the export to Event Hub configuration are created.", + "strongType": "location" + } + }, + "createResourceGroup": { + "type": "Boolean", + "metadata": { + "displayName": "Create resource group", + "description": "If a resource group does not exists in the scope, a new resource group will be created. If the resource group exists and this flag is set to 'true' the policy will re-deploy the resource group. Please note this will reset any Azure Tag on the resource group." + }, + "allowedValues": [ + true, + false + ], + "defaultValue": true + }, + "exportedDataTypes": { + "type": "Array", + "metadata": { + "displayName": "Exported data types", + "description": "The data types to be exported. To export a snapshot (preview) of the data once a week, choose the data types which contains 'snapshot', other data types will be sent in real-time streaming." 
+ },
+ "allowedValues": [
+ "Security recommendations",
+ "Security alerts",
+ "Overall secure score",
+ "Secure score controls",
+ "Regulatory compliance",
+ "Overall secure score - snapshot",
+ "Secure score controls - snapshot",
+ "Regulatory compliance - snapshot",
+ "Security recommendations - snapshot",
+ "Security findings - snapshot"
+ ],
+ "defaultValue": [
+ "Security recommendations",
+ "Security alerts",
+ "Overall secure score",
+ "Secure score controls",
+ "Regulatory compliance",
+ "Overall secure score - snapshot",
+ "Secure score controls - snapshot",
+ "Regulatory compliance - snapshot",
+ "Security recommendations - snapshot",
+ "Security findings - snapshot"
+ ]
+ },
+ "recommendationNames": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Recommendation IDs",
+ "description": "Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments."
+ },
+ "defaultValue": []
+ },
+ "recommendationSeverities": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Recommendation severities",
+ "description": "Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;"
+ },
+ "allowedValues": [
+ "High",
+ "Medium",
+ "Low"
+ ],
+ "defaultValue": [
+ "High",
+ "Medium",
+ "Low"
+ ]
+ },
+ "isSecurityFindingsEnabled": {
+ "type": "Boolean",
+ "metadata": {
+ "displayName": "Include security findings",
+ "description": "Security findings are results from vulnerability assessment solutions, and can be thought of as 'sub' recommendations grouped into a 'parent' recommendation."
+ },
+ "allowedValues": [
+ true,
+ false
+ ],
+ "defaultValue": true
+ },
+ "secureScoreControlsNames": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Secure Score Controls IDs",
+ "description": "Applicable only for export of secure score controls. To export all secure score controls, leave this empty. To export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols."
+ },
+ "defaultValue": []
+ },
+ "alertSeverities": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Alert severities",
+ "description": "Applicable only for export of security alerts. Determines alert severities. Example: High;Medium;Low;"
+ },
+ "allowedValues": [
+ "High",
+ "Medium",
+ "Low"
+ ],
+ "defaultValue": [
+ "High",
+ "Medium",
+ "Low"
+ ]
+ },
+ "regulatoryComplianceStandardsNames": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Regulatory compliance standards names",
+ "description": "Applicable only for export of regulatory compliance. To export all regulatory compliance, leave this empty. To export specific regulatory compliance standards, enter a list of these standards names separated by semicolons (';'). Regulatory compliance standards names are available through the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards."
+ },
+ "defaultValue": []
+ },
+ "eventHubDetails": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Event Hub details",
+ "description": "The Event Hub details of where the data should be exported to: Subscription, Event Hub Namespace, Event Hub.",
+ "strongType": "Microsoft.EventHub/namespaces/eventhubs",
+ "assignPermissions": true
+ }
+ },
+ "NotAvailableMachineState": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Status if Windows Defender is not available on machine",
+ "description": "Windows Defender Exploit Guard is only available starting with Windows 10/Windows Server with update 1709. Setting this value to 'Non-Compliant' shows machines with older versions on which Windows Defender Exploit Guard is not available (such as Windows Server 2012 R2) as non-compliant. Setting this value to 'Compliant' shows these machines as compliant."
+ },
+ "allowedValues": [
+ "Compliant",
+ "Non-Compliant"
+ ],
+ "defaultValue": "Compliant"
+ },
+ "isOnUploadMalwareScanningEnabled": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Malware Scanning Enabled",
+ "description": "Enable or disable the Malware Scanning add-on feature"
+ },
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true"
+ },
+ "isSensitiveDataDiscoveryEnabled": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Sensitive Data Threat Detection Enabled",
+ "description": "Enable or disable the Sensitive Data Threat Detection add-on feature"
+ },
+ "allowedValues": [
+ "true",
+ "false"
+ ],
+ "defaultValue": "true"
+ },
+ "excludedNamespaces": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Namespace exclusions",
+ "description": "List of Kubernetes namespaces to exclude from policy evaluation. System namespaces \"kube-system\", \"gatekeeper-system\" and \"azure-arc\" are always excluded by design. \"azure-extensions-usage-system\" is optional to remove."
+ }, + "defaultValue": [ + "kube-system", + "gatekeeper-system", + "azure-arc", + "azure-extensions-usage-system" + ] + }, + "namespaces": { + "type": "Array", + "metadata": { + "displayName": "Namespace inclusions", + "description": "List of Kubernetes namespaces to only include in policy evaluation. An empty list means the policy is applied to all resources in all namespaces." + }, + "defaultValue": [] + }, + "labelSelector": { + "type": "Object", + "metadata": { + "displayName": "Kubernetes label selector", + "description": "Label query to select Kubernetes resources for policy evaluation. An empty label selector matches all Kubernetes resources." + }, + "defaultValue": {}, + "schema": { + "description": "A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all resources.", + "type": "object", + "properties": { + "matchLabels": { + "description": "matchLabels is a map of {key,value} pairs.", + "type": "object", + "additionalProperties": { + "type": "string" + }, + "minProperties": 1 + }, + "matchExpressions": { + "description": "matchExpressions is a list of values, a key, and an operator.", + "type": "array", + "items": { + "type": "object", + "properties": { + "key": { + "description": "key is the label key that the selector applies to.", + "type": "string" + }, + "operator": { + "description": "operator represents a key's relationship to a set of values.", + "type": "string", + "enum": [ + "In", + "NotIn", + "Exists", + "DoesNotExist" + ] + }, + "values": { + "description": "values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty.", + "type": "array", + "items": { + "type": "string" + } + } + }, + "required": [ + "key", + "operator" + ], + "additionalProperties": false + }, + "minItems": 1 + } + }, + "additionalProperties": false + } + }, + "allowedContainerImagesRegex": { + "type": "string", + "defaultValue": "^(.+){0}$", + "metadata": { + "displayName": "Allowed registry or registries regex", + "description": "The RegEx rule used to match allowed container image field in a Kubernetes cluster. For example, to allow any Azure Container Registry image by matching partial path: ^[^\\/]+\\.azurecr\\.io\\/.+$ and for multiple registries: ^([^\\/]+\\.azurecr\\.io|registry\\.io)\\/.+$" + } + }, + "excludedContainers": { + "type": "Array", + "metadata": { + "displayName": "Containers exclusions", + "description": "The list of InitContainers and Containers to exclude from policy evaluation. The identify is the name of container. Use an empty list to apply this policy to all containers in all namespaces." 
+ }, + "defaultValue": [] + }, + "requiredRetentionDays": { + "type": "String", + "metadata": { + "displayName": "Required retention (days)", + "description": "The required resource logs retention in days" + }, + "defaultValue": "365" + }, + "listOfImageIdToInclude_windows": { + "type": "Array", + "metadata": { + "displayName": "Optional: List of virtual machine images that have supported Windows OS to add to scope", + "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'" + }, + "defaultValue": [] + }, + "listOfImageIdToInclude_linux": { + "type": "Array", + "metadata": { + "displayName": "Optional: List of virtual machine images that have supported Linux OS to add to scope", + "description": "Example value: '/subscriptions//resourceGroups/YourResourceGroup/providers/Microsoft.Compute/images/ContosoStdImage'" + }, + "defaultValue": [] + }, + "listOfResourceTypesWithDiagnosticLogsEnabled": { + "type": "Array", + "metadata": { + "displayName": "List of resource types that should have resource logs enabled", + "strongType": "resourceTypes" + }, + "defaultValue": [ + "Microsoft.AnalysisServices/servers", + "Microsoft.ApiManagement/service", + "Microsoft.Network/applicationGateways", + "Microsoft.Automation/automationAccounts", + "Microsoft.ContainerInstance/containerGroups", + "Microsoft.ContainerRegistry/registries", + "Microsoft.ContainerService/managedClusters", + "Microsoft.Batch/batchAccounts", + "Microsoft.Cdn/profiles/endpoints", + "Microsoft.CognitiveServices/accounts", + "Microsoft.DocumentDB/databaseAccounts", + "Microsoft.DataFactory/factories", + "Microsoft.DataLakeAnalytics/accounts", + "Microsoft.DataLakeStore/accounts", + "Microsoft.EventGrid/eventSubscriptions", + "Microsoft.EventGrid/topics", + "Microsoft.EventHub/namespaces", + "Microsoft.Network/expressRouteCircuits", + "Microsoft.Network/azureFirewalls", + "Microsoft.HDInsight/clusters", + "Microsoft.Devices/IotHubs", + 
"Microsoft.KeyVault/vaults", + "Microsoft.Network/loadBalancers", + "Microsoft.Logic/integrationAccounts", + "Microsoft.Logic/workflows", + "Microsoft.DBforMySQL/servers", + "Microsoft.Network/networkInterfaces", + "Microsoft.Network/networkSecurityGroups", + "Microsoft.DBforPostgreSQL/servers", + "Microsoft.PowerBIDedicated/capacities", + "Microsoft.Network/publicIPAddresses", + "Microsoft.RecoveryServices/vaults", + "Microsoft.Cache/redis", + "Microsoft.Relay/namespaces", + "Microsoft.Search/searchServices", + "Microsoft.ServiceBus/namespaces", + "Microsoft.SignalRService/SignalR", + "Microsoft.Sql/servers/databases", + "Microsoft.Sql/servers/elasticPools", + "Microsoft.StreamAnalytics/streamingjobs", + "Microsoft.TimeSeriesInsights/environments", + "Microsoft.Network/trafficManagerProfiles", + "Microsoft.Compute/virtualMachines", + "Microsoft.Compute/virtualMachineScaleSets", + "Microsoft.Network/virtualNetworks", + "Microsoft.Network/virtualNetworkGateways" + ], + "allowedValues": [ + "Microsoft.AnalysisServices/servers", + "Microsoft.ApiManagement/service", + "Microsoft.Network/applicationGateways", + "Microsoft.Automation/automationAccounts", + "Microsoft.ContainerInstance/containerGroups", + "Microsoft.ContainerRegistry/registries", + "Microsoft.ContainerService/managedClusters", + "Microsoft.Batch/batchAccounts", + "Microsoft.Cdn/profiles/endpoints", + "Microsoft.CognitiveServices/accounts", + "Microsoft.DocumentDB/databaseAccounts", + "Microsoft.DataFactory/factories", + "Microsoft.DataLakeAnalytics/accounts", + "Microsoft.DataLakeStore/accounts", + "Microsoft.EventGrid/eventSubscriptions", + "Microsoft.EventGrid/topics", + "Microsoft.EventHub/namespaces", + "Microsoft.Network/expressRouteCircuits", + "Microsoft.Network/azureFirewalls", + "Microsoft.HDInsight/clusters", + "Microsoft.Devices/IotHubs", + "Microsoft.KeyVault/vaults", + "Microsoft.Network/loadBalancers", + "Microsoft.Logic/integrationAccounts", + "Microsoft.Logic/workflows", + 
"Microsoft.DBforMySQL/servers", + "Microsoft.Network/networkInterfaces", + "Microsoft.Network/networkSecurityGroups", + "Microsoft.DBforPostgreSQL/servers", + "Microsoft.PowerBIDedicated/capacities", + "Microsoft.Network/publicIPAddresses", + "Microsoft.RecoveryServices/vaults", + "Microsoft.Cache/redis", + "Microsoft.Relay/namespaces", + "Microsoft.Search/searchServices", + "Microsoft.ServiceBus/namespaces", + "Microsoft.SignalRService/SignalR", + "Microsoft.Sql/servers/databases", + "Microsoft.Sql/servers/elasticPools", + "Microsoft.StreamAnalytics/streamingjobs", + "Microsoft.TimeSeriesInsights/environments", + "Microsoft.Network/trafficManagerProfiles", + "Microsoft.Compute/virtualMachines", + "Microsoft.Compute/virtualMachineScaleSets", + "Microsoft.Network/virtualNetworks", + "Microsoft.Network/virtualNetworkGateways" + ] + }, + "logsEnabled-AllowedValuesMustBeBoolean": { + "type": "Boolean", + "metadata": { + "displayName": "Logs Enabled" + }, + "allowedValues": [ + true, + false + ], + "defaultValue": true + }, + "logsEnabled-AllowedValuesMustBeString": { + "type": "String", + "metadata": { + "displayName": "Enable Logs", + "description": "Enable Logs - True or False" + }, + "allowedValues": [ + "True", + "False" + ], + "defaultValue": "True" + }, + "metricsEnabled-Boolean": { + "type": "Boolean", + "metadata": { + "displayName": "Metrics Enabled" + }, + "allowedValues": [ + true, + false + ], + "defaultValue": true + }, + "metricsEnabled-String": { + "type": "String", + "metadata": { + "displayName": "Enable metrics", + "description": "Whether to enable metrics stream to the Log Analytics workspace - True or False" + }, + "allowedValues": [ + "True", + "False" + ], + "defaultValue": "False" + }, + "setting": { + "type": "String", + "metadata": { + "displayName": "Desired Auditing setting" + }, + "allowedValues": [ + "enabled", + "disabled" + ], + "defaultValue": "enabled" + }, + "allowedKeyTypes": { + "type": "Array", + "metadata": { + "displayName": 
"Allowed key types", + "description": "The list of allowed key types" + }, + "allowedValues": [ + "RSA", + "RSA-HSM", + "EC", + "EC-HSM" + ], + "defaultValue": [ + "RSA", + "RSA-HSM", + "EC", + "EC-HSM" + ] + }, + "checkLockedImmutabiltyOnly": { + "type": "Boolean", + "metadata": { + "displayName": "CheckLockedImmutabiltyOnly", + "description": "This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant." + }, + "allowedValues": [ + true, + false + ], + "defaultValue": true + }, + "enableDoubleEncryption": { + "type": "Boolean", + "metadata": { + "displayName": "Double encryption should be enabled on Recovery Services vaults for Backup", + "description": "Check if double encryption is enabled on Recovery Services vaults for Backup. For more details refer to https://aka.ms/AB-InfraEncryption." + }, + "allowedValues": [ + true, + false + ], + "defaultValue": false + }, + "crossSubscriptionRestoreState": { + "type": "String", + "metadata": { + "displayName": "[Deprecated]: Cross Subscription Restore State", + "description": "Settings to disable or permanently disable Cross Subscription Restore. Please note that Cross Subscription Restore once permanently disabled on a vault cannot be re-enabled.", + "deprecated": true + }, + "allowedValues": [ + "Disable", + "PermanentlyDisable" + ], + "defaultValue": "Disable" + }, + "crossSubscriptionRestoreStateParameter": { + "type": "String", + "metadata": { + "displayName": "Cross Subscription Restore State", + "description": "Settings to disable or permanently disable Cross Subscription Restore. Please note that Cross Subscription Restore once permanently disabled on a vault cannot be re-enabled." 
+ }, + "allowedValues": [ + "Disabled", + "PermanentlyDisabled" + ], + "defaultValue": "Disabled" + }, + "privateEndpointSubnetId": { + "type": "String", + "metadata": { + "displayName": "Private endpoint subnet ID", + "description": "A subnet with private endpoint network policies disabled.", + "strongType": "Microsoft.Network/virtualNetworks/subnets" + } + }, + "checkAlwaysOnSoftDeleteOnly": { + "type": "Boolean", + "metadata": { + "displayName": "CheckAlwaysOnSoftDeleteOnly", + "description": "This parameter checks if Soft Delete is 'Locked' for Backup Vaults in scope. Selecting 'true' will mark only vaults with Soft Delete 'AlwaysOn' as compliant. Selecting 'false' will mark vaults that have Soft Delete either 'On' or 'AlwaysOn' as compliant." + }, + "allowedValues": [ + true, + false + ], + "defaultValue": true + }, + "privateDnsZone-Backup": { + "type": "String", + "metadata": { + "displayName": "Private DNS Zone ID for backup", + "description": "Specifies private DNS Zone ID required to resolve DNS to private IP for the Azure Backup service.", + "strongType": "Microsoft.Network/privateDnsZones", + "assignPermissions": true + } + }, + "privateDnsZone-Blob": { + "type": "String", + "metadata": { + "displayName": "Private DNS Zone ID for blobs", + "description": "Specifies private DNS Zone ID required to resolve DNS to private IP for the Azure Blob service.", + "strongType": "Microsoft.Network/privateDnsZones", + "assignPermissions": true + } + }, + "privateDnsZone-Queue": { + "type": "String", + "metadata": { + "displayName": "Private DNS Zone ID for queues", + "description": "Specifies private DNS Zone ID required to resolve DNS to private IP for the Azure Queue service.", + "strongType": "Microsoft.Network/privateDnsZones", + "assignPermissions": true + } + }, + "checkLockedImmutabilityOnly": { + "type": "Boolean", + "metadata": { + "displayName": "CheckLockedImmutabilityOnly", + "description": "This parameter checks if Immutability is locked for Recovery 
Services Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant." + }, + "allowedValues": [ + true, + false + ], + "defaultValue": true + }, + "inclusionTagValues": { + "type": "Array", + "metadata": { + "displayName": "Inclusion Tag Values", + "description": "Value of the tag to use for including storage accounts in the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Inclusion Tag Name parameter. Learn more at https://aka.ms/AB-BlobBackupAzPolicies." + } + }, + "exclusionTagValues": { + "type": "Array", + "metadata": { + "displayName": "Exclusion Tag Values", + "description": "Value of the tag to use for excluding storage accounts in the scope of this policy (in case of multiple values, use a comma-separated list). This should be used along with the Exclusion Tag Name parameter. Learn more at https://aka.ms/AB-BlobBackupAzPolicies." + } + }, + "modeRequirement": { + "type": "String", + "metadata": { + "displayName": "Mode Requirement", + "description": "Mode required for all WAF policies" + }, + "allowedValues": [ + "Prevention", + "Detection" + ], + "defaultValue": "Detection" + }, + "WindowsFirewallDomainUseProfileSettings": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Domain): Use profile settings", + "description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Domain profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile." 
+ }, + "defaultValue": "1" + }, + "WindowsFirewallDomainBehaviorForOutboundConnections": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Domain): Behavior for outbound connections", + "description": "Specifies the behavior for outbound connections for the Domain profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections." + }, + "defaultValue": "0" + }, + "WindowsFirewallDomainApplyLocalConnectionSecurityRules": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Domain): Apply local connection security rules", + "description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Domain profile." + }, + "defaultValue": "1" + }, + "WindowsFirewallDomainApplyLocalFirewallRules": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Domain): Apply local firewall rules", + "description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Domain profile." + }, + "defaultValue": "1" + }, + "WindowsFirewallDomainDisplayNotifications": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Domain): Display notifications", + "description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Domain profile." + }, + "defaultValue": "1" + }, + "WindowsFirewallPrivateUseProfileSettings": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Private): Use profile settings", + "description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Private profile to filter network traffic. 
If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile." + }, + "defaultValue": "1" + }, + "WindowsFirewallPrivateBehaviorForOutboundConnections": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Private): Behavior for outbound connections", + "description": "Specifies the behavior for outbound connections for the Private profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections." + }, + "defaultValue": "0" + }, + "WindowsFirewallPrivateApplyLocalConnectionSecurityRules": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Private): Apply local connection security rules", + "description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Private profile." + }, + "defaultValue": "1" + }, + "WindowsFirewallPrivateApplyLocalFirewallRules": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Private): Apply local firewall rules", + "description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Private profile." + }, + "defaultValue": "1" + }, + "WindowsFirewallPrivateDisplayNotifications": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Private): Display notifications", + "description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Private profile." 
+ },
+ "defaultValue": "1"
+ },
+ "WindowsFirewallPublicUseProfileSettings": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Windows Firewall (Public): Use profile settings",
+ "description": "Specifies whether Windows Firewall with Advanced Security uses the settings for the Public profile to filter network traffic. If you select Off, Windows Firewall with Advanced Security will not use any of the firewall rules or connection security rules for this profile."
+ },
+ "defaultValue": "1"
+ },
+ "WindowsFirewallPublicBehaviorForOutboundConnections": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Windows Firewall (Public): Behavior for outbound connections",
+ "description": "Specifies the behavior for outbound connections for the Public profile that do not match an outbound firewall rule. The default value of 0 means to allow connections, and a value of 1 means to block connections."
+ },
+ "defaultValue": "0"
+ },
+ "WindowsFirewallPublicApplyLocalConnectionSecurityRules": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Windows Firewall (Public): Apply local connection security rules",
+ "description": "Specifies whether local administrators are allowed to create connection security rules that apply together with connection security rules configured by Group Policy for the Public profile."
+ },
+ "defaultValue": "1"
+ },
+ "WindowsFirewallPublicApplyLocalFirewallRules": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Windows Firewall (Public): Apply local firewall rules",
+ "description": "Specifies whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy for the Public profile."
+ }, + "defaultValue": "1" + }, + "WindowsFirewallPublicDisplayNotifications": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall (Public): Display notifications", + "description": "Specifies whether Windows Firewall with Advanced Security displays notifications to the user when a program is blocked from receiving inbound connections, for the Public profile." + }, + "defaultValue": "1" + }, + "WindowsFirewallDomainAllowUnicastResponse": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall: Domain: Allow unicast response", + "description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Domain profile." + }, + "defaultValue": "0" + }, + "WindowsFirewallPrivateAllowUnicastResponse": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall: Private: Allow unicast response", + "description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Private profile." + }, + "defaultValue": "0" + }, + "WindowsFirewallPublicAllowUnicastResponse": { + "type": "String", + "metadata": { + "displayName": "Windows Firewall: Public: Allow unicast response", + "description": "Specifies whether Windows Firewall with Advanced Security permits the local computer to receive unicast responses to its outgoing multicast or broadcast messages; for the Public profile." + }, + "defaultValue": "1" + }, + "restrictIPAddresses": { + "type": "String", + "metadata": { + "displayName": "Would you like to restrict specific IP addresses?", + "description": "Select (Yes) to allow or forbid a list of IP addresses. 
If (No), the list of IP addresses won't have any effect in the policy enforcement" + }, + "allowedValues": [ + "Yes", + "No" + ], + "defaultValue": "No" + }, + "allowedIPAddresses": { + "type": "Array", + "metadata": { + "displayName": "Allowed IP addresses", + "description": "Array with allowed public IP addresses. An empty array is evaluated as to allow all IPs." + }, + "defaultValue": [] + }, + "forbiddenIPAddresses": { + "type": "Array", + "metadata": { + "displayName": "Forbidden IP addresses", + "description": "Array with forbidden public IP addresses. An empty array is evaluated as there are no forbidden IP addresses." + }, + "defaultValue": [] + }, + "subnetId": { + "type": "String", + "metadata": { + "displayName": "Subnet ID", + "strongType": "Microsoft.Network/virtualNetworks/subnets", + "description": "The resource ID of the virtual network subnet that should have a rule enabled. Example: /subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/Default/providers/Microsoft.Network/virtualNetworks/testvnet/subnets/testsubnet" + } + }, + "privateDnsZoneId": { + "type": "String", + "metadata": { + "displayName": "Private DNS Zone Id", + "description": "Private DNS zone to integrate with private endpoint.", + "strongType": "Microsoft.Network/privateDnsZones" + } + }, + "diagnosticSettingName": { + "type": "String", + "metadata": { + "displayName": "Diagnostic Setting Name", + "description": "Diagnostic Setting Name" + }, + "defaultValue": "setByPolicy-LogAnalytics" + }, + "categoryGroup": { + "type": "String", + "metadata": { + "displayName": "Category Group", + "description": "Diagnostic category group - none, audit, or allLogs." + }, + "allowedValues": [ + "audit", + "allLogs" + ], + "defaultValue": "audit" + }, + "resourceLocationList": { + "type": "Array", + "metadata": { + "displayName": "Resource Location List", + "description": "Resource Location List to send logs to nearby Log Analytics. 
A single entry \"*\" selects all locations (default)." + }, + "defaultValue": [ + "*" + ] + }, + "logAnalytics": { + "type": "String", + "metadata": { + "displayName": "Log Analytics Workspace", + "description": "Log Analytics Workspace", + "strongType": "omsWorkspace", + "assignPermissions": true + } + }, + "resourceLocation": { + "type": "String", + "metadata": { + "displayName": "Resource Location", + "description": "Resource Location must be in the same location as the Event Hub Namespace.", + "strongType": "location" + } + }, + "eventHubAuthorizationRuleId": { + "type": "String", + "metadata": { + "displayName": "Event Hub Authorization Rule Id", + "description": "Event Hub Authorization Rule Id - the authorization rule needs to be at Event Hub namespace level. e.g. /subscriptions/{subscription Id}/resourceGroups/{resource group}/providers/Microsoft.EventHub/namespaces/{Event Hub namespace}/authorizationrules/{authorization rule}", + "strongType": "Microsoft.EventHub/Namespaces/AuthorizationRules", + "assignPermissions": true + } + }, + "eventHubName": { + "type": "String", + "metadata": { + "displayName": "Event Hub Name", + "description": "Event Hub Name." 
+ }, + "defaultValue": "Monitoring" + }, + "storageAccount": { + "type": "String", + "metadata": { + "displayName": "Storage Account", + "description": "Full path (resourceId) to the storage account.", + "assignPermissions": true + } + }, + "profileName": { + "type": "String", + "metadata": { + "displayName": "Diagnostic setting name", + "description": "Profile name for the Azure diagnostic settings resource" + } + }, + "ddosPlan": { + "type": "String", + "metadata": { + "displayName": "DDoS Protection Plan", + "description": "DDoS Protection Plan resource to be associated to the virtual networks", + "strongType": "Microsoft.Network/ddosProtectionPlans" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/03d550b4-34ee-03f4-515f-f2e2faf7a413", + "policyDefinitionReferenceId": "ReviewAccessControlPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.2 Access requirements", + "op.acc.6 Authentication mechanism (organization users)", + "mp.info.1 Personal data", + "mp.info.2 Rating of information", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0803eaa7-671c-08a7-52fd-ac419f775e75", + "policyDefinitionReferenceId": "DocumentAcquisitionContractAcceptanceCriteria", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + 
"op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ba211ef-0e85-2a45-17fc-401d1b3f8f85", + "policyDefinitionReferenceId": "DocumentRequirementsForTheUseOfSharedDataInContracts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13efd2d7-3980-a2a4-39d0-527180c009e8", + "policyDefinitionReferenceId": "DocumentSecurityAssuranceRequirementsInAcquisitionContracts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 
Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a2a03a4-9992-5788-5953-d8f6615306de", + "policyDefinitionReferenceId": "GovernPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.2 Access requirements", + "op.acc.6 Authentication mechanism (organization users)", + "mp.info.1 Personal data", + "mp.info.2 Rating of information", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/20012034-96f0-85c2-4a86-1ae1eb457802", + "policyDefinitionReferenceId": "ReviewAndUpdateRiskAssessmentPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.1 Risk analysis", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2067b904-9552-3259-0cdd-84468e284b7c", + "policyDefinitionReferenceId": "ReviewAndUpdateSystemMaintenancePoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + 
"org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/28aa060e-25c7-6121-05d8-a846f11433df", + "policyDefinitionReferenceId": "ReviewAndUpdatePlanningPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2e7a98c9-219f-0d58-38dc-d69038224442", + "policyDefinitionReferenceId": "ProtectTheInformationSecurityProgramPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/39eb03c1-97cc-11ab-0960-6209ed2869f7", + "policyDefinitionReferenceId": "EstablishAPrivacyProgram", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.exp.7 Incident management", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + 
"mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4e400494-53a5-5147-6f4d-718b539c7394", + "policyDefinitionReferenceId": "ManageComplianceActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.info.1 Personal data", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5226dee6-3420-711b-4709-8e675ebd828f", + "policyDefinitionReferenceId": "UpdateInformationSecurityPolicies", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.per.2 Duties and obligations", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/524e7136-9f6a-75ba-9089-501018151346", + "policyDefinitionReferenceId": "DocumentSecurityAndPrivacyTrainingActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.1 E-mail 
protection", + "mp.s.2 Protection of web services and applications", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/57927290-8000-59bf-3776-90c468ac5b4b", + "policyDefinitionReferenceId": "DocumentSecurityFunctionalRequirementsInAcquisitionContracts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/59f7feff-02aa-6539-2cf7-bea75b762140", + "policyDefinitionReferenceId": "DevelopAccessControlPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.2 Access requirements", + "op.acc.6 Authentication mechanism (organization users)", + "mp.info.1 Personal data", + "mp.info.2 Rating of information", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/67ada943-8539-083d-35d0-7af648974125", + "policyDefinitionReferenceId": "DetermineSupplierContractObligations", 
+ "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.4 Sizing and capacity management", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6bededc0-2985-54d5-4158-eb8bad8070a0", + "policyDefinitionReferenceId": "ReviewAndUpdateInformationIntegrityPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/77acc53d-0f67-6e06-7d04-5750653d4629", + "policyDefinitionReferenceId": "DocumentTheProtectionOfCardholderDataInThirdPartyContracts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + 
"mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/84245967-7882-54f6-2d34-85059f725b47", + "policyDefinitionReferenceId": "EstablishAnInformationSecurityProgram", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/91cf132e-0c9f-37a8-a523-dc6a92cd2fb2", + "policyDefinitionReferenceId": "ReviewAndUpdatePhysicalAndEnvironmentalPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 Recording of entries and exits of equipment", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/96333008-988d-4add-549b-92b3a8c42063", + "policyDefinitionReferenceId": "UpdatePrivacyPlanPoliciesAndProcedures", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a28323fe-276d-3787-32d2-cef6395764c4", + "policyDefinitionReferenceId": "DevelopAuditAndAccountabilityPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4493012-908c-5f48-a468-1e243be884ce", + "policyDefinitionReferenceId": "ReviewSecurityAssessmentAndAuthorizationPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a465e8e9-0095-85cb-a05f-1dd4960d02af", + "policyDefinitionReferenceId": "DocumentSecurityDocumentationRequirementsInAcquisitionContract", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security 
policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/adf517f3-6dcd-3546-9928-34777d0c277e", + "policyDefinitionReferenceId": "ReviewAndUpdateSystemAndCommunicationsProtectionPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.1 Personal data", + "mp.info.3 Electronic signature", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af227964-5b8b-22a2-9364-06d2cb9d6d7c", + "policyDefinitionReferenceId": "DevelopInformationSecurityPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + 
"definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afbecd30-37ee-a27b-8e09-6ac49951a0ee", + "policyDefinitionReferenceId": "EstablishSecurityRequirementsForTheManufacturingOfConnectedDevices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b1666a13-8f67-9c47-155e-69e027ff6823", + "policyDefinitionReferenceId": "EnforceMandatoryAndDiscretionaryAccessControlPolicies", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.sw.1 IT Aplications development", + "mp.info.1 Personal data", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b28c8687-4bbd-8614-0b96-cdffa1ac6d9c", + "policyDefinitionReferenceId": "ReviewAndUpdateIncidentResponsePoliciesAndProcedures", + "parameters": { + "effect": { + 
"value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.exp.7 Incident management", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b2ea1058-8998-3dd1-84f1-82132ad482fd", + "policyDefinitionReferenceId": "DevelopAndEstablishASystemSecurityPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4e19d22-8c0e-7cad-3219-c84c62dc250f", + "policyDefinitionReferenceId": "ReviewAndUpdateMediaProtectionPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c148208b-1a6f-a4ac-7abc-23b1d41121b1", + "policyDefinitionReferenceId": "DocumentTheInformationSystemEnvironmentInAcquisitionContracts", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d78f95ba-870a-a500-6104-8a5ce2534f19", + "policyDefinitionReferenceId": "DocumentProtectionOfSecurityInformationInAcquisitionContracts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/df2e9507-169b-4114-3a52-877561ee3198", + "policyDefinitionReferenceId": "ImplementSecurityEngineeringPrinciplesOfInformationSystems", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9", + "policyDefinitionReferenceId": "ReviewAndUpdatePersonnelSecurityPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.4 Sizing and capacity management", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e9c60c37-65b0-2d72-6c3c-af66036203ae", + "policyDefinitionReferenceId": "ReviewAndUpdateContingencyPlanningPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 
Recording of entries and exits of equipment", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb8a8df9-521f-3ccd-7e2c-3d1fcc812340", + "policyDefinitionReferenceId": "ReviewAndUpdateConfigurationManagementPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ebb0ba89-6d8c-84a7-252b-7393881e43de", + "policyDefinitionReferenceId": "DocumentSecurityStrengthRequirementsInAcquisitionContracts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and 
applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f49925aa-9b11-76ae-10e2-6e973cc60f37", + "policyDefinitionReferenceId": "ReviewAndUpdateSystemAndServicesAcquisitionPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.4 Sizing and capacity management", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.info.1 Personal data", + "mp.info.6 Backups", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d141b7-4e21-62a6-6608-c79336e36bc9", + "policyDefinitionReferenceId": "EstablishPrivacyRequirementsForContractorsAndServiceProviders", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9ec3263-9562-1768-65a1-729793635a8d", + "policyDefinitionReferenceId": "DocumentProtectionOfPersonalDataInAcquisitionContracts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.nub.1 Cloud service protection", + "mp.per.1 Job 
characterization", + "mp.per.2 Duties and obligations", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/00f12b6f-10d7-8117-9577-0f2b76488385", + "policyDefinitionReferenceId": "IntegrateRiskManagementProcessIntoSdlc", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.1 Risk analysis", + "op.pl.3 Acquisition of new components", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/04837a26-2601-1982-3da7-bf463e6408f4", + "policyDefinitionReferenceId": "DevelopConfigurationManagementPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0dcbaf2f-075e-947b-8f4c-74ecc5cd302c", + "policyDefinitionReferenceId": "IdentifyIndividualsWithSecurityRolesAndResponsibilities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/14a4fd0a-9100-1e12-1362-792014a28155", + "policyDefinitionReferenceId": "UpdateContingencyPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1beb1269-62ee-32cd-21ad-43d6c9750eb6", + "policyDefinitionReferenceId": "EnsurePrivacyProgramInformationIsPubliclyAvailable", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2f20840e-7925-221c-725d-757442753e7c", + "policyDefinitionReferenceId": "DevelopAndMaintainBaselineConfigurations", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/33832848-42ab-63f3-1a55-c0ad309d44cd", + "policyDefinitionReferenceId": "ImplementAnAutomatedConfigurationManagementTool", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } 
+ }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3881168c-5d38-6f04-61cc-b5d87b2c4c58", + "policyDefinitionReferenceId": "EstablishThirdPartyPersonnelSecurityRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4e45863d-9ea9-32b4-a204-2680bc6007a6", + "policyDefinitionReferenceId": "RequireExternalServiceProvidersToComplyWithSecurityRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.ext.4 Interconnection of systems", + "op.nub.1 Cloud service protection", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/526ed90e-890f-69e7-0386-ba5c0f1f784f", + "policyDefinitionReferenceId": 
"EstablishAndDocumentAConfigurationManagementPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/53fc1282-0ee3-2764-1319-e20143bb0ea5", + "policyDefinitionReferenceId": "ReviewContingencyPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6baae474-434f-2e91-7163-a72df30c4847", + "policyDefinitionReferenceId": "ManageSecurityStateOfInformationSystems", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75b42dcf-7840-1271-260b-852273d7906e", + "policyDefinitionReferenceId": "DevelopContingencyPlanningPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 
Authorization process", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ded6497-815d-6506-242b-e043e0273928", + "policyDefinitionReferenceId": "PlanForResumptionOfEssentialBusinessFunctions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/836f8406-3b8a-11bb-12cb-6c7fa0765668", + "policyDefinitionReferenceId": "DevelopConfigurationItemIdentificationPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/874a6f2e-2098-53bc-3a16-20dcdc425a7e", + "policyDefinitionReferenceId": "CreateConfigurationPlanProtection", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8b077bff-516f-3983-6c42-c86e9a11868b", + "policyDefinitionReferenceId": "DesignateIndividualsToFulfillSpecificRolesAndResponsibilities", + "parameters": 
{ + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/91a54089-2d69-0f56-62dc-b6371a1671c0", + "policyDefinitionReferenceId": "ResumeAllMissionAndBusinessFunctions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9b55929b-0101-47c0-a16e-d6ac5c7d21f8", + "policyDefinitionReferenceId": "UndergoIndependentSecurityReview", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.ext.4 Interconnection of systems", + "op.nub.1 Cloud service protection", + "op.mon.1 Intrusion detection", + "op.mon.2 Metrics system", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1334a65-2622-28ee-5067-9d7f5b915cc5", + "policyDefinitionReferenceId": 
"CommunicateContingencyPlanChanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa305b4d-8c84-1754-0c74-dec004e66be0", + "policyDefinitionReferenceId": "DevelopContingencyPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afd5d60a-48d2-8073-1ec2-6687e22f2ddd", + "policyDefinitionReferenceId": "RequireNotificationOfThirdPartyPersonnelTransferOrTermination", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b320aa42-33b4-53af-87ce-100091d48918", + "policyDefinitionReferenceId": "DocumentThirdPartyPersonnelSecurityRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + 
}, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd6cbcba-4a2d-507c-53e3-296b5c238a8e", + "policyDefinitionReferenceId": "DevelopAndDocumentABusinessContinuityAndDisasterRecoveryPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5784049-959f-6067-420c-f4cefae93076", + "policyDefinitionReferenceId": "CoordinateContingencyPlansWithRelatedPlans", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 Recording of entries and exits of equipment", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928", + "policyDefinitionReferenceId": "AppointASeniorInformationSecurityOfficer", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" 
+ } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cbfa1bd0-714d-8d6f-0480-2ad6a53972df", + "policyDefinitionReferenceId": "DefineAndDocumentGovernmentOversight", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.ext.4 Interconnection of systems", + "op.nub.1 Cloud service protection", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8c31e15-642d-600f-78ab-bad47a5787e6", + "policyDefinitionReferenceId": "RequireThirdPartyProvidersToComplyWithPersonnelSecurityPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eab4450d-9e5c-4f38-0656-2ff8c78c83f3", + "policyDefinitionReferenceId": "DocumentAndImplementPrivacyComplaintProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + 
"org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef5a7059-6651-73b1-18b3-75b1b79c1565", + "policyDefinitionReferenceId": "DefineInformationSecurityRolesAndResponsibilities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.3 Acquisition of new components", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eff6e4a5-3efe-94dd-2ed1-25d56a019a82", + "policyDefinitionReferenceId": "DistributePoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8ded0c6-a668-9371-6bb6-661d58787198", + "policyDefinitionReferenceId": "MonitorThirdPartyProviderCompliance", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ffea18d9-13de-6505-37f3-4c1f88070ad7", + "policyDefinitionReferenceId": "ReviewCloudServiceProvidersComplianceWithPoliciesAndAgreements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security 
policy", + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.1 Contracting and service level agreements", + "op.ext.2 Daily management", + "op.ext.4 Interconnection of systems", + "op.nub.1 Cloud service protection", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5decc032-95bd-2163-9549-a41aba83228e", + "policyDefinitionReferenceId": "ImplementFormalSanctionsProcess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6228396e-2ace-7ca5-3247-45767dbf52f4", + "policyDefinitionReferenceId": "NotifyPersonnelUponSanctions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d36700f2-2f0d-7c2a-059c-bdadd1d79f70", + "policyDefinitionReferenceId": "EstablishARiskManagementStrategy", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.4 Authorization process", + "op.pl.1 Risk analysis", + "op.exp.4 Security maintenance and updates", 
+ "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning", + "mp.info.1 Personal data", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/725164e5-3b21-1ec2-7e42-14f077862841", + "policyDefinitionReferenceId": "RequireComplianceWithIntellectualPropertyRights", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/77cc89bb-774f-48d7-8a84-fb8c322c3000", + "policyDefinitionReferenceId": "TrackSoftwareLicenseUsage", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e696f5a-451f-5c15-5532-044136538491", + "policyDefinitionReferenceId": "ProtectAuditInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/10c4210b-3ec9-9603-050d-77e4d26c7ebb", + "policyDefinitionReferenceId": "EnforceLogicalAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + 
"op.pl.3 Acquisition of new components", + "op.acc.2 Access requirements", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.sw.1 IT Aplications development", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12af7c7a-92af-9e96-0d0c-5e732d1a3751", + "policyDefinitionReferenceId": "EnsureInformationSystemFailsInKnownState", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.if.1 Separate areas with access control", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c843d78-8f64-92b5-6a9b-e8186c0e7eb6", + "policyDefinitionReferenceId": "EnableDualOrJointAuthorization", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f23967c-a74b-9a09-9dc2-f566f61a87b9", + "policyDefinitionReferenceId": "EstablishBackupPoliciesAndProcedures", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/50e9324a-7410-0539-0662-2c1e775538b7", + "policyDefinitionReferenceId": "AuthorizeAndManageAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.sw.1 IT Aplications development", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55a7f9a0-6397-7589-05ef-5ed59a8149e7", + "policyDefinitionReferenceId": "ControlPhysicalAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.4 Electrical energy", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 Recording of entries and exits of 
equipment", + "mp.eq.1 Clear desk", + "mp.si.1 Marking", + "mp.si.4 Transport", + "mp.info.1 Personal data", + "mp.info.2 Rating of information", + "mp.info.5 Clean-up of documents" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aeed863a-0f56-429f-945d-8bb66bd06841", + "policyDefinitionReferenceId": "AuthorizeAccessToSecurityFunctionsAndInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.sw.1 IT Aplications development", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b269a749-705e-8bff-055a-147744675cdf", + "policyDefinitionReferenceId": "ConductBackupOfInformationSystemDocumentation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ba02d0a0-566a-25dc-73f1-101c726a19c5", 
+ "policyDefinitionReferenceId": "ImplementTransactionBasedRecovery", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/de770ba6-50dd-a316-2932-e0d972eaa734", + "policyDefinitionReferenceId": "RequireApprovalForAccountCreation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.sw.1 IT Aplications development", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e23444b9-9662-40f3-289e-6d25c02b48fa", + "policyDefinitionReferenceId": "ReviewLabelActivityAndAnalytics", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.eq.4 Other devices connected to the network", + "mp.si.1 Marking", + "mp.info.1 Personal data", + "mp.info.2 Rating of information", + "mp.info.5 Clean-up of documents" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e435f7e3-0dd9-58c9-451f-9b44b96c0232", + "policyDefinitionReferenceId": "ImplementControlsToSecureAllMedia", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.exp.1 Asset inventory", + "mp.eq.1 Clear desk", + "mp.eq.2 User session lockout", + "mp.eq.3 Protection of portable devices", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.si.1 Marking", + "mp.si.2 Cryptography", + "mp.si.3 Custody", + "mp.si.4 Transport", + "mp.si.5 Erasure and destruction", + "mp.info.2 Rating of information", + "mp.info.5 Clean-up of documents", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e603da3a-8af7-4f8a-94cb-1bcc0e0333d2", + "policyDefinitionReferenceId": "ManageTheInputOutputProcessingAndStorageOfData", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.4 Electrical energy", + "mp.if.7 Recording of entries and exits of equipment", + "mp.si.1 Marking", + "mp.si.4 Transport", + "mp.info.1 Personal data", + "mp.info.2 Rating of information", + "mp.info.5 Clean-up of documents" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb1c944e-0e94-647b-9b7e-fdb8d2af0838", + "policyDefinitionReferenceId": "ReviewUserGroupsAndApplicationsWithAccessToSensitiveData", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "org.2 Security regulations", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.2 Access requirements", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.sw.1 IT Aplications development", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6f1de470-79f3-1572-866e-db0771352fc8", + "policyDefinitionReferenceId": "AuthenticateToCryptographicModule", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.si.2 Cryptography", + "mp.info.3 Electronic signature" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c4ccd607-702b-8ae6-8eeb-fc3339cd4b42", + "policyDefinitionReferenceId": "DefineCryptographicUse", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.1 Security policy", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "mp.com.2 
Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/171e377b-5224-4a97-1eaa-62a3b5231dac", + "policyDefinitionReferenceId": "GenerateInternalSecurityAlerts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26d178a4-9261-6f04-a100-47ed85314c6e", + "policyDefinitionReferenceId": "ImplementSecurityDirectives", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5269d7e4-3768-501d-7e46-66c56c15622c", + "policyDefinitionReferenceId": "ManageContactsForAuthoritiesAndSpecialInterestGroups", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9c93ef57-7000-63fb-9b74-88f2e17ca5d2", + "policyDefinitionReferenceId": "DisseminateSecurityAlertsToPersonnel", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + 
"groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0e3035d-6366-2e37-796e-8bcab9c649e6", + "policyDefinitionReferenceId": "EstablishAThreatIntelligenceProgram", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/42116f15-5665-a52a-87bb-b40e64c74b6c", + "policyDefinitionReferenceId": "DevelopAcceptableUsePoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.5 Certified components", + "op.exp.1 Asset inventory", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.per.3 Awareness", + "mp.eq.1 Clear desk", + "mp.si.3 Custody", + "mp.info.2 Rating of information", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/509552f5-6528-3540-7959-fbeae4832533", + "policyDefinitionReferenceId": "EnforceRulesOfBehaviorAndAccessAgreements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.5 Certified components", + 
"op.exp.1 Asset inventory", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.per.3 Awareness", + "mp.eq.1 Clear desk", + "mp.si.3 Custody", + "mp.info.2 Rating of information", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/496b407d-9b9e-81e8-4ba4-44bc686b016a", + "policyDefinitionReferenceId": "ConductExitInterviewUponTermination", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.1 Asset inventory", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7c7032fe-9ce6-9092-5890-87a1a3755db1", + "policyDefinitionReferenceId": "RetainTerminatedUserData", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.1 Asset inventory", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/80a97208-264e-79da-0cc7-4fca179a0c9c", + "policyDefinitionReferenceId": "ProtectAgainstAndPreventDataTheftFromDepartingEmployees", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.1 Asset inventory", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/979ed3b6-83f9-26bc-4b86-5b05464700bf", + "policyDefinitionReferenceId": "ModifyAccessAuthorizationsUponPersonnelTransfer", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.1 Asset inventory", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b8a9bb2f-7290-3259-85ce-dca7d521302d", + "policyDefinitionReferenceId": "InitiateTransferOrReassignmentActions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.1 Asset inventory", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c79d378a-2521-822a-0407-57454f8d2c74", + "policyDefinitionReferenceId": "NotifyUponTerminationOrTransfer", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.1 Asset inventory", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10", + "policyDefinitionReferenceId": "DisableAuthenticatorsUponTermination", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.1 Asset inventory", + "op.exp.10 Cryptographic key protection", + "mp.per.2 Duties and obligations", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e89436d8-6a93-3b62-4444-1d2a42ad56b2", + "policyDefinitionReferenceId": "ReevaluateAccessUponPersonnelTransfer", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.1 Asset inventory", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0fd1ca29-677b-2f12-1879-639716459160", + "policyDefinitionReferenceId": "MaintainDataBreachRecords", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2401b496-7f23-79b2-9f80-89bb5abf3d4a", + "policyDefinitionReferenceId": "ProtectIncidentResponsePlan", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b4e134f-1e4c-2bff-573e-082d85479b6e", + "policyDefinitionReferenceId": "DevelopAnIncidentResponsePlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37546841-8ea1-5be0-214d-8ac599588332", + "policyDefinitionReferenceId": "MaintainIncidentResponsePlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37b0045b-3887-367b-8b4d-b9a6fa911bb9", + "policyDefinitionReferenceId": "AssessInformationSecurityEvents", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/433de59e-7a53-a766-02c2-f80f8421469a", + "policyDefinitionReferenceId": 
"ImplementIncidentHandling", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/10874318-0bf7-a41f-8463-03e395482080", + "policyDefinitionReferenceId": "CorrelateAuditRecords", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c6bee3a-2180-2430-440d-db3c7a849870", + "policyDefinitionReferenceId": "DocumentSecurityOperations", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6625638f-3ba1-7404-5983-0ea33d719d34", + "policyDefinitionReferenceId": "ReviewAuditData", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/70fe686f-1f91-7dab-11bf-bca4201e183b", + "policyDefinitionReferenceId": "ReviewRoleGroupChangesWeekly", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8aec4343-9153-9641-172c-defb201f56b3", + "policyDefinitionReferenceId": "ReviewCloudIdentityReportOverview", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9", + "policyDefinitionReferenceId": "IntegrateCloudAppSecurityWithASiem", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a830fe9e-08c9-a4fb-420c-6f6bf1702395", + "policyDefinitionReferenceId": "ReviewAccountProvisioningLogs", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + 
"groupNames": [ + "org.2 Security regulations", + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b3c8cc83-20d3-3890-8bc8-5568777670f4", + "policyDefinitionReferenceId": "EstablishRequirementsForAuditReviewAndReporting", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e4054c0e-1184-09e6-4c5e-701e0bc90f81", + "policyDefinitionReferenceId": "ReportAtypicalBehaviorOfUserAccounts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba", + "policyDefinitionReferenceId": "ReviewFileAndFolderActivity", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", 
+ "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f27a298f-9443-014a-0d40-fef12adf0259", + "policyDefinitionReferenceId": "ReviewAdministratorAssignmentsWeekly", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f48b60c6-4b37-332f-7288-b6ea50d300eb", + "policyDefinitionReferenceId": "ReviewControlledFolderAccessEvents", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f741c4e6-41eb-15a4-25a2-61ac7ca232f0", + "policyDefinitionReferenceId": "IntegrateAuditReview,Analysis,AndReporting", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/34aac8b2-488a-2b96-7280-5b9b481a317a", + "policyDefinitionReferenceId": "IncorporateFlawRemediationIntoConfigurationManagement", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.7 Incident management", + "op.mon.3 Monitoring", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/be38a620-000b-21cf-3cb3-ea151b704c3b", + "policyDefinitionReferenceId": "RemediateInformationSystemFlaws", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.7 Incident management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/423f6d9c-0c73-9cc6-64f4-b52242490368", + "policyDefinitionReferenceId": "DevelopSecuritySafeguards", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.eq.3 Protection of portable devices", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/50e81644-923d-33fc-6ebb-9733bc8d1a06", + "policyDefinitionReferenceId": "PerformATrendAnalysisOnThreats", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.6 Protection against harmful code", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/54a9c072-4a93-2a03-6a43-a060d30383d7", + "policyDefinitionReferenceId": "EradicateContaminatedInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c255136-994b-9616-79f5-ae87810e0dcf", + "policyDefinitionReferenceId": "EnableNetworkProtection", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98145a9b-428a-7e81-9d14-ebb154a24f93", + "policyDefinitionReferenceId": "ViewAndInvestigateRestrictedUsers", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + 
"org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ba78efc6-795c-64f4-7a02-91effbd34af9", + "policyDefinitionReferenceId": "ExecuteActionsInResponseToInformationSpills", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.9 Incident management record", + "mp.eq.3 Protection of portable devices" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/07b42fb5-027e-5a3c-4915-9d9ef3020ec7", + "policyDefinitionReferenceId": "DiscoverAnyIndicatorsOfCompromise", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1", + "policyDefinitionReferenceId": "AdhereToRetentionPeriodsDefined", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "mp.si.2 Cryptography", + "mp.si.5 Erasure and destruction", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/2f67e567-03db-9d1f-67dc-b6ffb91312f4", + "policyDefinitionReferenceId": "DetermineAuditableEvents", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab", + "policyDefinitionReferenceId": "CheckForPrivacyAndSecurityComplianceBeforeEstablishingInternalConnections", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.pl.5 Certified components", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/efef28d0-3226-966a-a1e8-70e89c1b30bc", + "policyDefinitionReferenceId": "RetainSecurityPoliciesAndProcedures", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.exp.7 Incident management", + "op.exp.8 Recording of the activity", + "op.exp.9 Incident management record" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c258345-5cd4-30c8-9ef3-5ee4dd5231d6", + "policyDefinitionReferenceId": "DevelopSecurityAssessmentPlan", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2927e340-60e4-43ad-6b5f-7a1468232cc2", + "policyDefinitionReferenceId": "ConfigureDetectionWhitelist", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.mon.2 Metrics system" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5fc24b95-53f7-0ed1-2330-701b539b97fe", + "policyDefinitionReferenceId": "TurnOnSensorsForEndpointSecuritySolution", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.mon.2 Metrics system" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/70a7a065-a060-85f8-7863-eb7850ed2af9", + "policyDefinitionReferenceId": "ProduceSecurityAssessmentReport", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e49107c-3338-40d1-02aa-d524178a2afe", + "policyDefinitionReferenceId": "DeliverSecurityAssessmentResults", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 
Security procedures", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c423e64d-995c-9f67-0403-b540f65ba42a", + "policyDefinitionReferenceId": "AssessSecurityControls", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d492600-27ba-62cc-a1c3-66eb919f6a0d", + "policyDefinitionReferenceId": "DocumentRemoteAccessGuidelines", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48c816c5-2190-61fc-8806-25d6f3df162f", + "policyDefinitionReferenceId": "MonitorAccessAcrossTheOrganization", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security 
Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.8 Recording of the activity", + "op.ext.4 Interconnection of systems", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/518eafdd-08e5-37a9-795b-15a8d798056d", + "policyDefinitionReferenceId": "ProvidePrivacyTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.per.1 Job characterization", + "mp.eq.1 Clear desk", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.si.3 Custody", + "mp.info.2 Rating of information", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7d7a8356-5c34-9a95-3118-1424cfaf192a", + "policyDefinitionReferenceId": "AdoptBiometricAuthenticationMechanisms", + "parameters": { + 
"effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "op.pl.2 Security Architecture", + "op.acc.2 Access requirements", + "op.ext.4 Interconnection of systems", + "mp.if.1 Separate areas with access control", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 Recording of entries and exits of equipment", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.si.4 Transport" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83dfb2b8-678b-20a0-4c44-5c75ada023e6", + "policyDefinitionReferenceId": "DocumentMobilityTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae5345d5-8dab-086a-7290-db43a3272198", + 
"policyDefinitionReferenceId": "IdentifyAndAuthenticateNetworkDevices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b11697e8-9515-16f1-7a35-477d5c8a1344", + "policyDefinitionReferenceId": "ProtectDataInTransitUsingEncryption", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.si.2 Cryptography", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e", + 
"policyDefinitionReferenceId": "ImplementControlsToSecureAlternateWorkSites", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.si.2 Cryptography", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dad8a2e9-6f27-4fc2-8933-7e99fe700c9c", + "policyDefinitionReferenceId": "AuthorizeRemoteAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fe2dff43-0a8c-95df-0432-cb1c794b17d0", + "policyDefinitionReferenceId": "NotifyUsersOfSystemLogonOrAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1fdf0b24-4043-3c55-357e-036985d50b52", + "policyDefinitionReferenceId": "EnsureSecuritySafeguardsNotNeededWhenTheIndividualsReturn", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.si.2 Cryptography" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c93dba1-84fd-57de-33c7-ef0400a08134", + "policyDefinitionReferenceId": "EstablishTermsAndConditionsForAccessingResources", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + 
"op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.si.2 Cryptography", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/41172402-8d73-64c7-0921-909083c086b0", + "policyDefinitionReferenceId": "NotAllowForInformationSystemsToAccompanyWithIndividuals", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.si.2 Cryptography" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ac81669-00e2-9790-8648-71bc11bc91eb", + "policyDefinitionReferenceId": "ManageTheTransportationOfAssets", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.4 Authorization process", + "mp.if.1 Separate areas with access control", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.si.2 Cryptography", + "mp.si.3 Custody", + "mp.si.4 Transport", + "mp.si.5 Erasure and destruction", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5715bf33-a5bd-1084-4e19-bc3c83ec1c35", + "policyDefinitionReferenceId": 
"EstablishTermsAndConditionsForProcessingResources", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.si.2 Cryptography", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4", + "policyDefinitionReferenceId": "DefineMobileDeviceRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.mon.1 Intrusion detection", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.si.2 Cryptography", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dc7ec756-221c-33c8-0afe-c48e10e42321", + "policyDefinitionReferenceId": "VerifySecurityControlsForExternalInformationSystems", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + 
"org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.1 Clear desk", + "mp.eq.3 Protection of portable devices", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.si.2 Cryptography", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/04b3e7f6-4841-888d-4799-cda19a0084f6", + "policyDefinitionReferenceId": "DocumentAndImplementWirelessAccessGuidelines", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d42a8f69-a193-6cbc-48b9-04a9e29961f1", + "policyDefinitionReferenceId": "ProtectWirelessAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.2 Security 
regulations", + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09960521-759e-5d12-086f-4192a72a5e92", + "policyDefinitionReferenceId": "ProtectAdministratorAndUserDocumentation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3f1216b0-30ee-1ac9-3899-63eb744e85f5", + "policyDefinitionReferenceId": "ObtainAdminDocumentation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/84a01872-5318-049e-061e-d56734183e84", + "policyDefinitionReferenceId": "DistributeInformationSystemDocumentation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb", + "policyDefinitionReferenceId": "DocumentCustomer-definedActions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/be1c34ab-295a-07a6-785c-36f63c1d223e", + "policyDefinitionReferenceId": "ObtainUserSecurityFunctionDocumentation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/01ae60e2-38bb-0a32-7b20-d3a091423409", + "policyDefinitionReferenceId": "ImplementSystemBoundaryProtection", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.1 Risk analysis", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.8 Recording of the activity", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/096a7055-30cb-2db4-3fda-41b20ac72667", + "policyDefinitionReferenceId": 
"RequireInterconnectionSecurityAgreements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.1 Contracting and service level agreements", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13ef3484-3a51-785a-9c96-500f21f84edd", + "policyDefinitionReferenceId": "InformationFlowControlUsingSecurityPolicyFilters", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26daf649-22d1-97e9-2a8a-01b182194d59", + "policyDefinitionReferenceId": "ConfigureWorkstationsToCheckForDigitalCertificates", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/398fdbd8-56fd-274d-35c6-fa2d3b2755a1", + "policyDefinitionReferenceId": "EstablishFirewallAndRouterConfigurationStandards", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/59bedbdc-0ba9-39b9-66bb-1d1c192384e6", + 
"policyDefinitionReferenceId": "ControlInformationFlow", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/62fa14f0-4cbe-762d-5469-0899a99b98aa", + "policyDefinitionReferenceId": "ExplicitlyNotifyUseOfCollaborativeComputingDevices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.mon.1 Intrusion detection", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/678ca228-042d-6d8e-a598-c58d5670437d", + "policyDefinitionReferenceId": "ProhibitRemoteActivationOfCollaborativeComputingDevices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.mon.1 Intrusion detection", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/79365f13-8ba4-1f6c-2ac4-aa39929f56d0", + "policyDefinitionReferenceId": "EmployFlowControlMechanismsOfEncryptedInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b262e1dd-08e9-41d4-963a-258909ad794b", + "policyDefinitionReferenceId": "ImplementManagedInterfaceForEachExternalService", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b2d3e5a2-97ab-5497-565a-71172a729d93", + "policyDefinitionReferenceId": "ProtectPasswordsWithEncryption", + "parameters": { + "effect": { + 
"value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bbb2e6d6-085f-5a35-a55d-e45daad38933", + "policyDefinitionReferenceId": "ProvideSecureNameAndAddressResolutionServices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c7fddb0e-3f44-8635-2b35-dc6b8e740b7c", + 
"policyDefinitionReferenceId": "IdentifyAndManageDownstreamInformationExchanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ced727b3-005e-3c5b-5cd5-230b79d56ee8", + "policyDefinitionReferenceId": "ImplementAFaultTolerantName/addressService", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d48a6f19-a284-6fc6-0623-3367a74d3f50", + "policyDefinitionReferenceId": "UpdateInterconnectionSecurityAgreements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "org.4 Authorization process", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.1 Contracting and service level agreements", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/de077e7e-0cc8-65a6-6e08-9ab46c827b05", + "policyDefinitionReferenceId": "Produce,ControlAndDistributeAsymmetricCryptographicKeys", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.10 Cryptographic key protection", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + 
"definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f476f3b0-4152-526e-a209-44e5f8c968d7", + "policyDefinitionReferenceId": "EstablishNetworkSegmentationForCardHolderDataEnvironment", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.1 E-mail protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ff1efad2-6b09-54cc-01bf-d386c4d558a8", + "policyDefinitionReferenceId": "SecureTheInterfaceToExternalSystems", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.1 Risk analysis", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.ext.4 Interconnection of systems", + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.2 Rating of information", + "mp.info.3 Electronic 
signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/069101ac-4578-31da-0cd4-ff083edd3eb4", + "policyDefinitionReferenceId": "ObtainConsentPriorToCollectionOrProcessingOfPersonalData", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.ext.1 Contracting and service level agreements", + "op.mon.1 Intrusion detection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06f84330-4c27-21f7-72cd-7488afd50244", + "policyDefinitionReferenceId": "ImplementPrivacyNoticeDeliveryMethods", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.1 Contracting and service level agreements", + "op.mon.1 Intrusion detection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 Electronic signature", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/098a7b84-1031-66d8-4e78-bd15b5fd2efb", + "policyDefinitionReferenceId": "ProvidePrivacyNotice", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.1 Contracting and service level agreements", + "op.mon.1 
Intrusion detection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 Electronic signature", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/271a3e58-1b38-933d-74c9-a580006b80aa", + "policyDefinitionReferenceId": "DocumentPersonnelAcceptanceOfPrivacyRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.5 Certified components", + "op.exp.4 Security maintenance and updates", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "op.mon.1 Intrusion detection", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.per.4 Training", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/46ab2c5e-6654-1f58-8c83-e97a44f39308", + "policyDefinitionReferenceId": "IdentifyExternalServiceProviders", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.3 Acquisition of new components", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3af53f59-979f-24a8-540f-d7cdbc366607", + "policyDefinitionReferenceId": "RequireUsersToSignAccessAgreement", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + 
"mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5fe84a4c-1b0c-a738-2aba-ed49c9069d3b", + "policyDefinitionReferenceId": "ProhibitUnfairPractices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6610f662-37e9-2f71-65be-502bdc2f554d", + "policyDefinitionReferenceId": "UpdateRulesOfBehaviorAndAccessAgreements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6c0a312f-04c5-5c97-36a5-e56763a02b6b", + "policyDefinitionReferenceId": "ReviewAndSignRevisedRulesOfBehavior", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7ad83b58-2042-085d-08f0-13e946f26f89", + 
"policyDefinitionReferenceId": "UpdateRulesOfBehaviorAndAccessAgreementsEvery3Years", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c981fa70-2e58-8141-1457-e7f62ebc2ade", + "policyDefinitionReferenceId": "DocumentOrganizationalAccessAgreements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d02498e0-8a6f-6b02-8332-19adf6711d1e", + "policyDefinitionReferenceId": "DevelopOrganizationCodeOfConductPolicy", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.per.2 Duties and obligations" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e21f91d1-2803-0282-5f2d-26ebc4b170ef", + "policyDefinitionReferenceId": "UpdateOrganizationalAccessAgreements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "mp.per.1 Job characterization", + "mp.per.2 Duties and 
obligations", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e7589f4e-1e8b-72c2-3692-1e14d7f3699f", + "policyDefinitionReferenceId": "EnsureAccessAgreementsAreSignedOrResignedTimely", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures", + "mp.per.1 Job characterization", + "mp.per.2 Duties and obligations", + "mp.s.1 E-mail protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/611ebc63-8600-50b6-a0e3-fef272457132", + "policyDefinitionReferenceId": "EmployIndependentTeamForPenetrationTesting", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.3 Security procedures" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0123edae-3567-a05a-9b05-b53ebe9d3e7e", + "policyDefinitionReferenceId": "ViewAndConfigureSystemDiagnosticData", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/055da733-55c6-9e10-8194-c40731057ec4", + "policyDefinitionReferenceId": "DevelopAndMaintainAVulnerabilityManagementStandard", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and 
updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/058e9719-1ff9-3653-4230-23f76b6492e0", + "policyDefinitionReferenceId": "EnforceSecurityConfigurationSettings", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1282809c-9001-176b-4a81-260a085f4872", + "policyDefinitionReferenceId": "PerformAuditForConfigurationChangeControl", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/203101f5-99a3-1491-1b56-acccd9b66a9e", + "policyDefinitionReferenceId": "ConductASecurityImpactAnalysis", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8", + "policyDefinitionReferenceId": "AutomateProcessToDocumentImplementedChanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47a6b606-51aa-4496-8bb7-64b11cf66adc", + "policyDefinitionReferenceId": "AdaptiveApplicationControlsForDefiningSafeApplicationsShouldBeEnabledOnYourMachines", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/575ed5e8-4c29-99d0-0e4d-689fb1d29827", + "policyDefinitionReferenceId": "AutomateApprovalRequestForProposedChanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c33538e-02f8-0a7f-998b-a4c1e22076d3", + "policyDefinitionReferenceId": "GovernComplianceOfCloudServiceProviders", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "mp.sw.2 Acceptance and 
commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c40f27b-6791-18c5-3f85-7b863bd99c11", + "policyDefinitionReferenceId": "AutomateProposedDocumentedChanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7d10debd-4775-85a7-1a41-7e128e0e8c50", + "policyDefinitionReferenceId": "AutomateProcessToProhibitImplementationOfUnapprovedChanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8747b573-8294-86a0-8914-49e9b06a5ace", + "policyDefinitionReferenceId": "EstablishConfigurationManagementRequirementsForDevelopers", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/8c5d3d8d-5cba-0def-257c-5ab9ea9644dc", + "policyDefinitionReferenceId": "PerformARiskAssessment", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.1 Risk analysis", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/92b49e92-570f-1765-804a-378e6c592e28", + "policyDefinitionReferenceId": "AutomateProcessToHighlightUnreviewedChangeProposals", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd4dc286-2f30-5b95-777c-681f3a7913d3", + "policyDefinitionReferenceId": "EstablishAndDocumentChangeControlProcesses", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.s.2 Protection of web services and applications" + ], + 
"definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c72fc0c8-2df8-7506-30be-6ba1971747e1", + "policyDefinitionReferenceId": "AutomateImplementationOfApprovedChangeNotifications", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d18af1ac-0086-4762-6dc8-87cdded90e39", + "policyDefinitionReferenceId": "PerformAPrivacyImpactAssessment", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/311802f9-098d-0659-245a-94c5d47c0182", + "policyDefinitionReferenceId": "EmployBoundaryProtectionToIsolateInformationSystems", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation 
of information flows on the network", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8", + "policyDefinitionReferenceId": "PreventSplitTunnelingForRemoteDevices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8a703eb5-4e53-701b-67e4-05ba2f7930c8", + "policyDefinitionReferenceId": "SeparateUserAndInformationSystemManagementFunctionality", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the 
network", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6", + "policyDefinitionReferenceId": "AllNetworkPortsShouldBeRestrictedOnNetworkSecurityGroupsAssociatedToYourVirtualMachine", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b8972f60-8d77-1cb8-686f-9c9f4cdd8a59", + "policyDefinitionReferenceId": "UseDedicatedMachinesForAdministrativeTasks", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6653f89-7cb5-24a4-9d71-51581038231b", + "policyDefinitionReferenceId": "ReauthenticateOrTerminateAUserSession", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6f3866e8-6e12-69cf-788c-809d426094a1", + "policyDefinitionReferenceId": "EstablishElectronicSignatureAndCertificateRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.ext.4 Interconnection of systems", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bab9ef1d-a16d-421a-822d-3fa94e808156", + "policyDefinitionReferenceId": "RouteTrafficThroughManagedNetworkAccessPoints", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.8 Recording of the activity", + "op.ext.4 Interconnection of systems", + "mp.com.1 Secure perimeter", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.com.4 Separation of information flows on the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/085467a6-9679-5c65-584a-f55acefd0d43", + "policyDefinitionReferenceId": "RequireDevelopersToImplementOnlyApprovedChanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/318b2bd9-9c39-9f8b-46a7-048401f33476", + "policyDefinitionReferenceId": "AddressCodingVulnerabilities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/3a868d0c-538f-968b-0191-bddb44da5b75", + "policyDefinitionReferenceId": "RequireDevelopersToDocumentApprovedChangesAndPotentialImpact", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f", + "policyDefinitionReferenceId": "PerformVulnerabilityScans", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.6 Protection against harmful code", + "op.mon.3 Monitoring", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6de65dc4-8b4f-34b7-9290-eb137a2e2929", + "policyDefinitionReferenceId": "DevelopAndDocumentApplicationSecurityRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b33d61c1-7463-7025-0ec0-a47585b59147", + "policyDefinitionReferenceId": "RequireDevelopersToManageChangeIntegrity", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e750ca06-1824-464a-2cf3-d0fa754d1cb4", + "policyDefinitionReferenceId": "EstablishASecureSoftwareDevelopmentProgram", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.eq.2 User session lockout", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/36b74844-4a99-4c80-1800-b18a516d1585", + "policyDefinitionReferenceId": "ControlUseOfPortableStorageDevices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.exp.1 Asset inventory", + "mp.si.3 Custody", + "mp.si.4 Transport", + "mp.si.5 Erasure and destruction", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/3d399cf3-8fc6-0efc-6ab0-1412f1198517", + "policyDefinitionReferenceId": "BlockUntrustedAndUnsignedProcessesThatRunFromUsb", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.exp.1 Asset inventory", + "op.exp.6 Protection against harmful code", + "mp.si.3 Custody", + "mp.si.4 Transport", + "mp.si.5 Erasure and destruction", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6122970b-8d4a-7811-0278-4c6c68f61e4f", + "policyDefinitionReferenceId": "RestrictMediaUse", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.pl.2 Security Architecture", + "op.exp.1 Asset inventory", + "mp.si.3 Custody", + "mp.si.4 Transport", + "mp.si.5 Erasure and destruction", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eaaae23f-92c9-4460-51cf-913feaea4d52", + "policyDefinitionReferenceId": "EmployAMediaSanitizationMechanism", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "org.4 Authorization process", + "op.exp.4 Security maintenance and updates", + "mp.eq.1 Clear desk", + "mp.eq.2 User session lockout", + "mp.si.3 Custody", + "mp.si.4 Transport", + "mp.si.5 Erasure and destruction", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c6fe3856-4635-36b6-983c-070da12a953b", + "policyDefinitionReferenceId": "ImplementTheRiskManagementStrategy", + 
"parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/477bd136-7dd9-55f8-48ac-bae096b86a07", + "policyDefinitionReferenceId": "DevelopPoa&m", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b957f60-54cd-5752-44d5-ff5a64366c93", + "policyDefinitionReferenceId": "DevelopSspThatMeetsCriteria", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.pl.3 Acquisition of new components" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68", + "policyDefinitionReferenceId": "ConductRiskAssessmentAndDocumentItsResults", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cc057769-01d9-95ad-a36f-1e62a7f9540b", + "policyDefinitionReferenceId": "UpdatePoa&mItems", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/07458826-9325-4481-abaf-bc9ed043459d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1744-RiskManagementStrategy", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0afb38a3-5e1c-4339-9ab4-df6a3dfc7da2", + "policyDefinitionReferenceId": "MicrosoftManagedControl1804-GovernanceAndPrivacyProgram", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08", + "policyDefinitionReferenceId": "AssessRiskInThirdPartyRelationships", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.pl.4 Sizing and capacity management", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/106618ad-fe3e-49b4-bfef-01009f6770d8", + "policyDefinitionReferenceId": "MicrosoftManagedControl1820-AccountingOfDisclosures", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/10984b4e-c93e-48d7-bf20-9c03b04e9eca", + "policyDefinitionReferenceId": "MicrosoftManagedControl1554-VulnerabilityScanning|DiscoverableInformation", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and 
updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d7658b2-e827-49c3-a2ae-6d2bd0b45874", + "policyDefinitionReferenceId": "MicrosoftManagedControl1538-SecurityCategorization", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f90fc71-a595-4066-8974-d4d0802e8ef0", + "policyDefinitionReferenceId": "MicrosoftDefenderCspmShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/20ea0798-d19e-4925-afd0-53d583815818", + "policyDefinitionReferenceId": "MicrosoftManagedControl1815-PrivacyAwarenessAndTraining", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2ce1ea7e-4038-4e53-82f4-63e8859333c1", + "policyDefinitionReferenceId": "MicrosoftManagedControl1546-VulnerabilityScanning", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/31b752c1-05a9-432a-8fce-c39b56550119", + "policyDefinitionReferenceId": "MicrosoftManagedControl1698-InformationSystemMonitoring|IndividualsPosingGreaterRisk", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk 
analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/36fbe499-f2f2-41b6-880e-52d7ea1d94a5", + "policyDefinitionReferenceId": "MicrosoftManagedControl1557-VulnerabilityScanning|ReviewHistoricAuditLogs", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/391ff8b3-afed-405e-9f7d-ef2f8168d5da", + "policyDefinitionReferenceId": "MicrosoftManagedControl1556-VulnerabilityScanning|AutomatedTrendAnalyses", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/395736bb-aa8b-45f0-b9cc-06af26b2b1d4", + "policyDefinitionReferenceId": "MicrosoftManagedControl1810-PrivacyRequirementsForContractorsAndServiceProviders", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3a02bf7a-8fb7-4c97-bd55-4a8592764cc8", + "policyDefinitionReferenceId": "MicrosoftManagedControl1840-MinimizationOfPiiUsedInTesting,Training,AndResearch|RiskMinimizationTechniques", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3afe6c78-6124-4d95-b85c-eb8c0c9539cb", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1548-VulnerabilityScanning", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3f4b171a-a56b-4328-8112-32cf7f947ee1", + "policyDefinitionReferenceId": "MicrosoftManagedControl1545-RiskAssessment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43684572-e4f1-4642-af35-6b933bc506da", + "policyDefinitionReferenceId": "MicrosoftManagedControl1552-VulnerabilityScanning|UpdateByFrequency/PriorToNewScan/WhenIdentified", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43ced7c9-cd53-456b-b0da-2522649a4271", + "policyDefinitionReferenceId": "MicrosoftManagedControl1544-RiskAssessment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4b0d8d1d-7800-4b62-b4bf-6eecde12b2af", + "policyDefinitionReferenceId": "MicrosoftManagedControl1813-PrivacyAwarenessAndTraining", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4d1d4ce2-71ea-4578-bbb4-fe76215d45ac", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1811-PrivacyRequirementsForContractorsAndServiceProviders", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f34f554-da4b-4786-8d66-7915c90893da", + "policyDefinitionReferenceId": "MicrosoftManagedControl1182-BaselineConfiguration|ConfigureSystems,Components,OrDevicesForHigh-riskAreas", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5352e3e0-e63a-452e-9e5f-9c1d181cff9c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1183-BaselineConfiguration|ConfigureSystems,Components,OrDevicesForHigh-riskAreas", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55419419-c597-4cd4-b51e-009fd2266783", + "policyDefinitionReferenceId": "MicrosoftManagedControl1026-AccountManagement|DisableAccountsForHigh-riskIndividuals", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52", + "policyDefinitionReferenceId": "MicrosoftManagedControl1547-VulnerabilityScanning", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/58f477bf-287b-43ef-ab49-dffde92130a0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1816-PrivacyReporting", + "parameters": {}, + 
"groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5afa8cab-1ed7-4e40-884c-64e0ac2059cc", + "policyDefinitionReferenceId": "MicrosoftManagedControl1555-VulnerabilityScanning|PrivilegedAccess", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b61f773-2042-46a8-b489-106d850d6d4e", + "policyDefinitionReferenceId": "MicrosoftManagedControl1814-PrivacyAwarenessAndTraining", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5bbda922-0172-4095-89e6-5b4a0bf03af7", + "policyDefinitionReferenceId": "MicrosoftManagedControl1551-VulnerabilityScanning|UpdateToolCapability", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/65592b16-4367-42c5-a26e-d371be450e17", + "policyDefinitionReferenceId": "MicrosoftManagedControl1558-VulnerabilityScanning|CorrelateScanningInformation", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/66a56404-7b65-4e33-b371-28d069172dd4", + "policyDefinitionReferenceId": "MicrosoftManagedControl1743-RiskManagementStrategy", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/677e1da4-00c3-287a-563d-f4a1cf9b99a0", + "policyDefinitionReferenceId": "ConductRiskAssessment", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/689f7782-ef2c-4270-a6d0-7664869076bd", + "policyDefinitionReferenceId": "ConfigureMicrosoftDefenderCspmToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6b04f815-52d7-4ff6-94bf-a4f22c07d5ae", + "policyDefinitionReferenceId": "MicrosoftManagedControl1809-PrivacyImpactAndRiskAssessment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6bfe6405-805c-4c9b-a9d3-f209237bb95d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1802-GovernanceAndPrivacyProgram", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e40d9de-2ad4-4cb5-8945-23143326a502", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1536-RiskAssessmentPolicyAndProcedures", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/70f6af82-7be6-44aa-9b15-8b9231b2e434", + "policyDefinitionReferenceId": "MicrosoftManagedControl1541-RiskAssessment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6", + "policyDefinitionReferenceId": "MicrosoftManagedControl1807-GovernanceAndPrivacyProgram", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86ec7f9b-9478-40ff-8cfd-6a0d510081a8", + "policyDefinitionReferenceId": "MicrosoftManagedControl1589-ExternalInformationSystemServices|RiskAssessments/OrganizationalApprovals", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/902908fb-25a8-4225-a3a5-5603c80066c9", + "policyDefinitionReferenceId": "MicrosoftManagedControl1550-VulnerabilityScanning", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9150259b-617b-596d-3bf5-5ca3fce20335", + "policyDefinitionReferenceId": "EstablishPoliciesForSupplyChainRiskManagement", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + 
"groupNames": [ + "op.pl.1 Risk analysis", + "op.pl.4 Sizing and capacity management", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.ext.3 Protection of supply chain", + "op.nub.1 Cloud service protection", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/956b00aa-7977-4214-a0f5-e0428c1f9bff", + "policyDefinitionReferenceId": "MicrosoftManagedControl1806-GovernanceAndPrivacyProgram", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9834600a-668a-482c-9310-a89861b29e06", + "policyDefinitionReferenceId": "MicrosoftManagedControl1805-GovernanceAndPrivacyProgram", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9e5225fe-cdfb-4fce-9aec-0fe20dd53b62", + "policyDefinitionReferenceId": "MicrosoftManagedControl1553-VulnerabilityScanning|Breadth/DepthOfCoverage", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a36eb487-cbd1-4fe7-a3df-2efc6aa2c2b6", + "policyDefinitionReferenceId": "MicrosoftManagedControl1745-RiskManagementStrategy", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aabb155f-e7a5-4896-a767-e918bfae2ee0", + 
"policyDefinitionReferenceId": "MicrosoftManagedControl1539-SecurityCategorization", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b19454ca-0d70-42c0-acf5-ea1c1e5726d1", + "policyDefinitionReferenceId": "MicrosoftManagedControl1537-RiskAssessmentPolicyAndProcedures", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7897ddc-9716-2460-96f7-7757ad038cc4", + "policyDefinitionReferenceId": "AssignRiskDesignations", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf296b8c-f391-4ea4-9198-be3c9d39dd1f", + "policyDefinitionReferenceId": "MicrosoftManagedControl1590-ExternalInformationSystemServices|RiskAssessments/OrganizationalApprovals", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c6c43097-8552-4279-8b38-7dcabff781d3", + "policyDefinitionReferenceId": "MicrosoftManagedControl1819-AccountingOfDisclosures", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cd6120c1-d069-416d-9753-fbe84bca4b01", + "policyDefinitionReferenceId": "MicrosoftManagedControl1808-PrivacyImpactAndRiskAssessment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/d2fc426a-4b67-464b-87c9-2134b8762ddf", + "policyDefinitionReferenceId": "MicrosoftManagedControl1817-Privacy-enhancedSystemDesignAndDevelopment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d39620a4-95c6-4d4f-8aa4-83c0c6a2c640", + "policyDefinitionReferenceId": "MicrosoftManagedControl1818-AccountingOfDisclosures", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6976a08-d969-4df2-bb38-29556c2eb48a", + "policyDefinitionReferenceId": "MicrosoftManagedControl1549-VulnerabilityScanning", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis", + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d7c1ecc3-2980-a079-1569-91aec8ac4a77", + "policyDefinitionReferenceId": "ConductRiskAssessmentAndDistributeItsResults", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.1 Risk analysis", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eab340d0-3d55-4826-a0e5-feebfeb0131d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1542-RiskAssessment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/f3739612-c86c-4b2e-bbe6-0d0869aec19c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1803-GovernanceAndPrivacyProgram", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f7161f06-5260-4f0f-aeae-4bbfb8612a10", + "policyDefinitionReferenceId": "MicrosoftManagedControl1812-PrivacyMonitoringAndAuditing", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f771f8cb-6642-45cc-9a15-8a41cd5c6977", + "policyDefinitionReferenceId": "MicrosoftManagedControl1540-SecurityCategorization", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fd00b778-b5b5-49c0-a994-734ea7bd3624", + "policyDefinitionReferenceId": "MicrosoftManagedControl1543-RiskAssessment", + "parameters": {}, + "groupNames": [ + "op.pl.1 Risk analysis" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6", + "policyDefinitionReferenceId": "ReviewDevelopmentProcess,StandardsAndTools", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3e37c891-840c-3eb4-78d2-e2e0bb5063e0", + "policyDefinitionReferenceId": "RequireDevelopersToDescribeAccurateSecurityFunctionality", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a114735-a420-057d-a651-9a73cd0416ef", + "policyDefinitionReferenceId": "RequireDevelopersToProvideUnifiedSecurityProtectionApproach", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8b1f29eb-1b22-4217-5337-9207cb55231e", + "policyDefinitionReferenceId": "PerformInformationInputValidation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f131c8c5-a54a-4888-1efc-158928924bc1", + "policyDefinitionReferenceId": "RequireDevelopersToBuildSecurityArchitecture", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "mp.sw.1 IT Aplications development" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/043c1e56-5a16-52f8-6af8-583098ff3e60", + "policyDefinitionReferenceId": "CreateADataInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.exp.1 Asset 
inventory", + "mp.com.4 Separation of information flows on the network", + "mp.si.3 Custody", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/92ede480-154e-0e22-4dca-8b46a74a3a51", + "policyDefinitionReferenceId": "MaintainRecordsOfProcessingOfPersonalData", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.exp.1 Asset inventory", + "mp.com.4 Separation of information flows on the network", + "mp.si.3 Custody", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/27965e62-141f-8cca-426f-d09514ee5216", + "policyDefinitionReferenceId": "EstablishAndMaintainAnAssetInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.exp.1 Asset inventory", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 Recording of entries and exits of equipment", + "mp.eq.1 Clear desk", + "mp.si.4 Transport" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35a4102f-a778-4a2e-98c2-971056288df8", + "policyDefinitionReferenceId": "MicrosoftManagedControl1659-ArchitectureAndProvisioningForName/AddressResolutionService", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/57adc919-9dca-817c-8197-64d812070316", + "policyDefinitionReferenceId": 
"DevelopAnEnterpriseArchitecture", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/813a10a7-3943-4fe3-8678-00dc52db5490", + "policyDefinitionReferenceId": "MicrosoftManagedControl1505-InformationSecurityArchitecture", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8154e3b3-cc52-40be-9407-7756581d71f6", + "policyDefinitionReferenceId": "MicrosoftManagedControl1614-DeveloperSecurityArchitectureAndDesign", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9870806c-153f-4fa5-aafa-c5f5eeb72292", + "policyDefinitionReferenceId": "MicrosoftManagedControl1741-EnterpriseArchitecture", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9e7c35d0-12d4-4e0c-80a2-8a352537aefd", + "policyDefinitionReferenceId": "MicrosoftManagedControl1504-InformationSecurityArchitecture", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2037b3d-8b04-4171-8610-e6d4f1d08db5", + "policyDefinitionReferenceId": "MicrosoftManagedControl1612-DeveloperSecurityArchitectureAndDesign", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/c1fa9c2f-d439-4ab9-8b83-81fb1934f81d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1503-InformationSecurityArchitecture", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ced291b8-1d3d-7e27-40cf-829e9dd523c8", + "policyDefinitionReferenceId": "ReviewAndUpdateTheInformationSecurityArchitecture", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.2 Security Architecture", + "op.pl.3 Acquisition of new components" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fe2ad78b-8748-4bff-a924-f74dfca93f30", + "policyDefinitionReferenceId": "MicrosoftManagedControl1613-DeveloperSecurityArchitectureAndDesign", + "parameters": {}, + "groupNames": [ + "op.pl.2 Security Architecture" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e7422f08-65b4-50e4-3779-d793156e0079", + "policyDefinitionReferenceId": "DevelopAConceptOfOperations(conops)", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.3 Acquisition of new components" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d39b5d9-0392-8954-8359-575ce1957d1a", + "policyDefinitionReferenceId": "SupportPersonalVerificationCredentialsIssuedByLegalAuthorities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access 
requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e1379836-3492-6395-451d-2f5062e14136", + "policyDefinitionReferenceId": "IdentifyAndAuthenticateNon-organizationalUsers", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 Protection of integrity and authenticity", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e336d5f4-4d8f-0059-759c-ae10f63d1747", + "policyDefinitionReferenceId": "EnforceUserUniqueness", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.3 Acquisition of new components", + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems", + "mp.com.2 Protection of confidentiality", + "mp.com.3 
Protection of integrity and authenticity", + "mp.info.3 Electronic signature", + "mp.info.4 Time stamps", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/333b4ada-4a02-0648-3d4d-d812974f1bb2", + "policyDefinitionReferenceId": "GovernAndMonitorAuditProcessingActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.4 Sizing and capacity management", + "mp.s.4 Protection against denial of service" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/33602e78-35e3-4f06-17fb-13dd887448e4", + "policyDefinitionReferenceId": "ConductCapacityPlanning", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.4 Sizing and capacity management", + "mp.s.4 Protection against denial of service" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b2f3a72-9e68-3993-2b69-13dcdecf8958", + "policyDefinitionReferenceId": "DefineRequirementsForSupplyingGoodsAndServices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.4 Sizing and capacity management", + "op.pl.5 Certified components", + "op.ext.1 Contracting and service level agreements", + "op.nub.1 Cloud service protection", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/562afd61-56be-4313-8fe4-b9564aa4ba7d", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1113-ResponseToAuditProcessingFailures|AuditStorageCapacity", + "parameters": {}, + "groupNames": [ + "op.pl.4 Sizing and capacity management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6182bfa7-0f2a-43f5-834a-a2ddf31c13c7", + "policyDefinitionReferenceId": "MicrosoftManagedControl1110-AuditStorageCapacity", + "parameters": {}, + "groupNames": [ + "op.pl.4 Sizing and capacity management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a328fd72-8ff5-4f96-8c9c-b30ed95db4ab", + "policyDefinitionReferenceId": "MicrosoftManagedControl1252-ContingencyPlan|CapacityPlanning", + "parameters": {}, + "groupNames": [ + "op.pl.4 Sizing and capacity management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/edcc36f1-511b-81e0-7125-abee29752fe7", + "policyDefinitionReferenceId": "ManageAvailabilityAndCapacity", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.pl.4 Sizing and capacity management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/29363ae1-68cd-01ca-799d-92c9197c8404", + "policyDefinitionReferenceId": "ManageAuthenticatorLifetimeAndReuse", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + 
"definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2f204e72-1896-3bf8-75c9-9128b8683a36", + "policyDefinitionReferenceId": "ReissueAuthenticatorsForChangedGroupsAndAccounts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35963d41-4263-0ef9-98d5-70eb058f9e3c", + "policyDefinitionReferenceId": "EstablishProceduresForInitialAuthenticatorDistribution", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3ae68d9a-5696-8c32-62d3-c6f9c52e437c", + "policyDefinitionReferenceId": "RefreshAuthenticators", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/426c172c-9914-10d1-25dd-669641fc1af4", + 
"policyDefinitionReferenceId": "EnableDetectionOfNetworkDevices", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4781e5fd-76b8-7d34-6df3-a0a7fca47665", + "policyDefinitionReferenceId": "PreventIdentifierReuseForTheDefinedTimePeriod", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/49c23d9b-02b0-0e42-4f94-e8cef1b8381b", + "policyDefinitionReferenceId": "AuditUserAccountStatus", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4aacaec9-0628-272c-3e83-0d68446694e0", + "policyDefinitionReferenceId": "ManageAuthenticators", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 
Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4b8fd5da-609b-33bf-9724-1c946285a14c", + "policyDefinitionReferenceId": "NotifyAccountManagersOfCustomerControlledAccounts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c6df5ff-4ef2-4f17-a516-0da9189c603b", + "policyDefinitionReferenceId": "AssignAccountManagers", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/585af6e9-90c0-4575-67a7-2f9548972e32", + "policyDefinitionReferenceId": "ReviewAndReevaluatePrivileges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/623b5f0a-8cbd-03a6-4892-201d27302f0c", + "policyDefinitionReferenceId": "DefineInformationSystemAccountTypes", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/72889284-15d2-90b2-4b39-a1e9541e1152", + "policyDefinitionReferenceId": "VerifyIdentityBeforeDistributingAuthenticators", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/79f081c7-1634-01a1-708e-376197999289", + "policyDefinitionReferenceId": "ReviewUserAccounts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/873895e8-0e3a-6492-42e9-22cd030e9fcd", + "policyDefinitionReferenceId": 
"RestrictAccessToPrivilegedAccounts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0", + "policyDefinitionReferenceId": "EstablishAuthenticatorTypesAndProcesses", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/92a7591f-73b3-1173-a09c-a08882d84c70", + "policyDefinitionReferenceId": "IdentifyActionsAllowedWithoutAuthentication", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97cfd944-6f0c-7db2-3796-8e890ef70819", + "policyDefinitionReferenceId": "EstablishConditionsForRoleMembership", + 
"parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08b18c7-9e0a-89f1-3696-d80902196719", + "policyDefinitionReferenceId": "DocumentAccessPrivileges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af38215f-70c4-0cd6-40c2-c52d86690a45", + "policyDefinitionReferenceId": "SetAutomatedNotificationsForNewAndTrendingCloudApplicationsInYourOrganization", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.8 Recording of the activity", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e4b00788-7e1c-33ec-0418-d048508e095b", + "policyDefinitionReferenceId": "ImplementTrainingForProtectingAuthenticators", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f29b17a4-0df2-8a50-058a-8570f9979d28", + "policyDefinitionReferenceId": "AssignSystemIdentifiers", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2af551d5-1775-326a-0589-590bfb7e9eb2", + "policyDefinitionReferenceId": "LimitPrivilegesToMakeChangesInProductionEnvironment", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.sw.1 IT Aplications development", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2cc9c165-46bd-9762-5739-d2aae5ba90a1", + "policyDefinitionReferenceId": "AutomateAccountManagement", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism 
(external users)", + "op.exp.8 Recording of the activity", + "op.ext.4 Interconnection of systems", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34d38ea7-6754-1838-7031-d7fd07099821", + "policyDefinitionReferenceId": "ManageSystemAndAdminAccounts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "op.ext.4 Interconnection of systems", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8489ff90-8d29-61df-2d84-f9ab0f4c5e84", + "policyDefinitionReferenceId": "NotifyWhenAccountIsNotNeeded", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "op.ext.4 Interconnection of systems", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/03b6427e-6072-4226-4bd9-a410ab65317e", + "policyDefinitionReferenceId": "DesignAnAccessControlModel", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 
Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.ext.4 Interconnection of systems", + "mp.sw.1 IT Aplications development", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1bc7fd64-291f-028e-4ed6-6e07886e163f", + "policyDefinitionReferenceId": "EmployLeastPrivilegeAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.ext.4 Interconnection of systems", + "mp.sw.1 IT Aplications development", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32f22cfa-770b-057c-965b-450898425519", + "policyDefinitionReferenceId": "RevokePrivilegedRolesAsAppropriate", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", + "policyDefinitionReferenceId": 
"GuestAccountsWithOwnerPermissionsOnAzureResourcesShouldBeRemoved", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/931e118d-50a1-4457-a5e4-78550e086c52", + "policyDefinitionReferenceId": "AccountsWithWritePermissionsOnAzureResourcesShouldBeMfaEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94e1c2ac-cbbe-4cac-a2b5-389c812dee87", + "policyDefinitionReferenceId": "GuestAccountsWithWritePermissionsOnAzureResourcesShouldBeRemoved", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a451c1ef-c6ca-483d-87ed-f49761e3ffb5", + "policyDefinitionReferenceId": "AuditUsageOfCustomRbacRoles", + "parameters": { + "effect": { + "value": 
"[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b54ed75b-3e1a-44ac-a333-05ba39b99ff0", + "policyDefinitionReferenceId": "ServiceFabricClustersShouldOnlyUseAzureActiveDirectoryForClientAuthentication", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3e008c3-56b9-4133-8fd7-d3347377402a", + "policyDefinitionReferenceId": "AccountsWithOwnerPermissionsOnAzureResourcesShouldBeMfaEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e714b481-8fac-64a2-14a9-6f079b2501a4", + "policyDefinitionReferenceId": "UsePrivilegedIdentityManagement", + "parameters": { + 
"effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ed87d27a-9abf-7c71-714c-61d881889da4", + "policyDefinitionReferenceId": "MonitorPrivilegedRoleAssignment", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f26af0b1-65b6-689a-a03f-352ad2d00f98", + "policyDefinitionReferenceId": "AuditPrivilegedFunctions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.8 Recording of the activity", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/331e8ea8-378a-410f-a2e5-ae22f38bb0da", + "policyDefinitionReferenceId": "DeployTheLinuxGuestConfigurationExtensionToEnableGuestConfigurationAssignmentsOnLinuxVms", + 
"parameters": {}, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "op.ext.4 Interconnection of systems", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b30aa25-0f19-6c04-5ca4-bd3f880a763d", + "policyDefinitionReferenceId": "ImplementParametersForMemorizedSecretVerifiers", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e", + "policyDefinitionReferenceId": "AddSystem-assignedManagedIdentityToEnableGuestConfigurationAssignmentsOnVirtualMachinesWithNoIdentities", + "parameters": {}, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "op.ext.4 Interconnection of systems", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 Electronic signature", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/497dff13-db2a-4c0f-8603-28fa3b331ab6", + "policyDefinitionReferenceId": "AddSystem-assignedManagedIdentityToEnableGuestConfigurationAssignmentsOnVmsWithAUser-assignedIdentity", + "parameters": {}, + "groupNames": [ + "op.acc.1 
Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection", + "op.ext.4 Interconnection of systems", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 Electronic signature", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4", + "policyDefinitionReferenceId": "AccountsWithReadPermissionsOnAzureResourcesShouldBeMfaEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)", + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d8bbd80e-3bb1-5983-06c2-428526ec6a63", + "policyDefinitionReferenceId": "EstablishAPasswordPolicy", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6955644-301c-44b5-a4c4-528577de6861", + "policyDefinitionReferenceId": "AuditLinuxMachinesThatDoNotHaveThePasswdFilePermissionsSetTo0644", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + 
}, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", + "policyDefinitionReferenceId": "BlockedAccountsWithOwnerPermissionsOnAzureResourcesShouldBeRemoved", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7805a343-275c-41be-9d62-7215b96212d8", + "policyDefinitionReferenceId": "ReassignOrRemoveUserPrivilegesAsNeeded", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8d7e1fde-fe26-4b5f-8108-f8e432cbc2be", + "policyDefinitionReferenceId": "BlockedAccountsWithReadAndWritePermissionsOnAzureResourcesShouldBeRemoved", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication 
mechanism (external users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f96d2186-79df-262d-3f76-f371e3b71798", + "policyDefinitionReferenceId": "ReviewUserPrivileges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.1 Identification", + "op.acc.3 Segregation of functions and tasks", + "op.acc.4 Access rights management process", + "op.acc.5 Authentication mechanism (external users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d", + "policyDefinitionReferenceId": "AuditVmsThatDoNotUseManagedDisks", + "parameters": {}, + "groupNames": [ + "op.acc.2 Access requirements", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d84d5fb-01f6-4d12-ba4f-4a26081d403d", + "policyDefinitionReferenceId": "VirtualMachinesShouldBeMigratedToNewAzureResourceManagerResources", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606", + "policyDefinitionReferenceId": "StorageAccountsShouldBeMigratedToNewAzureResourceManagerResources", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023", + "policyDefinitionReferenceId": "AuditLinuxMachinesThatAllowRemoteConnectionsFromAccountsWithoutPasswords", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99", + "policyDefinitionReferenceId": "AuditLinuxMachinesThatHaveAccountsWithoutPasswords", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.ext.4 Interconnection of systems" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/76d66b5c-85e4-93f5-96a5-ebb2fad61dc6", + "policyDefinitionReferenceId": "TerminateCustomerControlledAccountCredentials", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.exp.10 Cryptographic key protection", + "mp.s.2 Protection of web services and applications" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1ff03f2a-974b-3272-34f2-f6cd51420b30", + "policyDefinitionReferenceId": "ObscureFeedbackInformationDuringAuthenticationProcess", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/20762f1e-85fb-31b0-a600-e833633f10fe", + "policyDefinitionReferenceId": "RevealErrorMessages", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4502e506-5f35-0df4-684f-b326e3cc7093", + "policyDefinitionReferenceId": "TerminateUserSessionAutomatically", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4409bff-2287-8407-05fd-c73175a68302", + "policyDefinitionReferenceId": "EnforceALimitOfConsecutiveFailedLoginAttempts", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/c2cb4658-44dc-9d11-3dad-7c6802dd5ba3", + "policyDefinitionReferenceId": "GenerateErrorMessages", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements", + "op.acc.5 Authentication mechanism (external users)", + "op.acc.6 Authentication mechanism (organization users)" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/237b38db-ca4d-4259-9e47-7882441ca2c0", + "policyDefinitionReferenceId": "AuditWindowsMachinesThatDoNotHaveTheMinimumPasswordAgeSetToSpecifiedNumberOfDays", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "MinimumPasswordAge": { + "value": "[parameters('MinimumPasswordAge')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/385f5831-96d4-41db-9a3c-cd3af78aaae6", + "policyDefinitionReferenceId": "DeployTheWindowsGuestConfigurationExtensionToEnableGuestConfigurationAssignmentsOnWindowsVms", + "parameters": {}, + "groupNames": [ + "op.acc.2 Access requirements", + "op.acc.6 Authentication mechanism (organization users)", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 Electronic signature" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ceb8dc2-559c-478b-a15b-733fbf1e3738", + "policyDefinitionReferenceId": "AuditWindowsMachinesThatDoNotHaveTheMaximumPasswordAgeSetToSpecifiedNumberOfDays", + "parameters": { + "IncludeArcMachines": { + "value": 
"[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "MaximumPasswordAge": { + "value": "[parameters('MaximumPasswordAge')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b054a0d-39e2-4d53-bea3-9734cad2c69b", + "policyDefinitionReferenceId": "AuditWindowsMachinesThatAllowRe-useOfThePasswordsAfterTheSpecifiedNumberOfUniquePasswords", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "EnforcePasswordHistory": { + "value": "[parameters('EnforcePasswordHistory')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2d0e922-65d0-40c4-8f87-ea6da2d307a2", + "policyDefinitionReferenceId": "AuditWindowsMachinesThatDoNotRestrictTheMinimumPasswordLengthToSpecifiedNumberOfCharacters", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "MinimumPasswordLength": { + "value": "[parameters('MinimumPasswordLength')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf16e0bb-31e1-4646-8202-60a235cc7e74", + "policyDefinitionReferenceId": "AuditWindowsMachinesThatDoNotHaveThePasswordComplexitySettingEnabled", + "parameters": { + "IncludeArcMachines": { + "value": 
"[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.2 Access requirements" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/341bc9f1-7489-07d9-4ec6-971573e1546a", + "policyDefinitionReferenceId": "DefineAccessAuthorizationsToSupportSeparationOfDuties", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.3 Segregation of functions and tasks" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/60ee1260-97f0-61bb-8155-5d8b75743655", + "policyDefinitionReferenceId": "SeparateDutiesOfIndividuals", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.3 Segregation of functions and tasks" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e6f7b584-877a-0d69-77d4-ab8b923a9650", + "policyDefinitionReferenceId": "DocumentSeparationOfDuties", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.3 Segregation of functions and tasks" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d", + "policyDefinitionReferenceId": "VirtualMachinesShouldEncryptTempDisks,Caches,AndDataFlowsBetweenComputeAndStorageResources", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication 
mechanism (organization users)", + "mp.com.3 Protection of integrity and authenticity" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17k78e20-9358-41c9-923c-fb736d382a12", + "policyDefinitionReferenceId": "TransparentDataEncryptionOnSqlDatabasesShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication mechanism (organization users)", + "mp.com.3 Protection of integrity and authenticity" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735", + "policyDefinitionReferenceId": "AutomationAccountVariablesShouldBeEncrypted", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication mechanism (organization users)", + "mp.com.3 Protection of integrity and authenticity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", + "policyDefinitionReferenceId": "SecureTransferToStorageAccountsShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication mechanism (organization users)", + "op.mon.1 Intrusion detection", + "mp.com.3 Protection of integrity and authenticity", + "mp.info.3 Electronic signature" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5020f3f4-a579-2f28-72a8-283c5a0b15f9", + "policyDefinitionReferenceId": "RestrictCommunications", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication mechanism (organization users)", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 Electronic signature" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/617c02be-7f02-4efd-8836-3180d47b6c68", + "policyDefinitionReferenceId": "ServiceFabricClustersShouldHaveTheClusterprotectionlevelPropertySetToEncryptandsign", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication mechanism (organization users)", + "mp.com.3 Protection of integrity and authenticity", + "mp.info.3 Electronic signature" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0f98fe-a24b-4ad5-af69-bd0400233661", + "policyDefinitionReferenceId": "AuditWindowsMachinesThatDoNotStorePasswordsUsingReversibleEncryption", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication mechanism (organization users)", + "mp.com.3 Protection of integrity and authenticity" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ee67c031-57fc-53d0-0cca-96c4c04345e8", + "policyDefinitionReferenceId": "DocumentAndDistributeAPrivacyPolicy", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.acc.6 Authentication mechanism (organization users)", + "mp.si.2 Cryptography", + "mp.si.4 Transport", + "mp.info.3 
Electronic signature" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/03752212-103c-4ab8-a306-7e813022ca9d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1229-InformationSystemComponentInventory|NoDuplicateAccountingOfComponents", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/03b78f5e-4877-4303-b0f4-eb6583f25768", + "policyDefinitionReferenceId": "MicrosoftManagedControl1227-InformationSystemComponentInventory|AutomatedUnauthorizedComponentDetection", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a", + "policyDefinitionReferenceId": "MicrosoftManagedControl1223-InformationSystemComponentInventory", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09a1f130-7697-42bc-8d84-8a9ea17e5187", + "policyDefinitionReferenceId": "[preview]:ConfigureLinuxArc-enabledMachinesToToInstallAmaForChangetrackingAndInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/09a1f130-7697-42bc-8d84-8a9ea17e5192", + "policyDefinitionReferenceId": "[preview]:ConfigureLinuxArc-enabledMachinesToBeAssociatedWithADataCollectionRuleForChangetrackingAndInventory", + "parameters": { + "effect": { + 
"value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "dcrResourceId": { + "value": "[parameters('dcrResourceId')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a2119c1-f068-4bfe-9f03-db94317e8db9", + "policyDefinitionReferenceId": "MicrosoftManagedControl1855-InventoryOfPersonallyIdentifiableInformation", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1142b015-2bd7-41e0-8645-a531afe09a1e", + "policyDefinitionReferenceId": "[preview]:ConfigureLinuxVmssToBeAssociatedWithADataCollectionRuleForChangetrackingAndInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "dcrResourceId": { + "value": "[parameters('dcrResourceId')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/28cfa30b-7f72-47ce-ba3b-eed26c8d2c82", + "policyDefinitionReferenceId": "MicrosoftManagedControl1224-InformationSystemComponentInventory|UpdatesDuringInstallations/Removals", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/39c54140-5902-4079-8bb5-ad31936fe764", + "policyDefinitionReferenceId": "MicrosoftManagedControl1228-InformationSystemComponentInventory|AccountabilityInformation", + "parameters": {}, + 
"groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4485d24b-a9d3-4206-b691-1fad83bc5007", + "policyDefinitionReferenceId": "[preview]:ConfigureWindowsVmssToInstallAmaForChangetrackingAndInventoryWithUser-assignedManagedIdentity", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "bringYourOwnUserAssignedManagedIdentity": { + "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]" + }, + "userAssignedManagedIdentityName": { + "value": "[parameters('userAssignedManagedIdentityName')]" + }, + "userAssignedManagedIdentityResourceGroup": { + "value": "[parameters('userAssignedManagedIdentityResourceGroup')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/56d0ed2b-60fc-44bf-af81-a78c851b5fe1", + "policyDefinitionReferenceId": "[preview]:ConfigureLinuxVmsToInstallAmaForChangetrackingAndInventoryWithUser-assignedManagedIdentity", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "bringYourOwnUserAssignedManagedIdentity": { + "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]" + }, + "userAssignedManagedIdentityName": { + "value": "[parameters('userAssignedManagedIdentityName')]" + }, + "userAssignedManagedIdentityResourceGroup": { + "value": "[parameters('userAssignedManagedIdentityResourceGroup')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/74520428-3aa8-449c-938d-93f51940759e", + "policyDefinitionReferenceId": "MicrosoftManagedControl1739-InformationSystemInventory", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8d096fe0-f510-4486-8b4d-d17dc230980b", + "policyDefinitionReferenceId": "MicrosoftManagedControl1225-InformationSystemComponentInventory|AutomatedMaintenance", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8fd85785-1547-4a4a-bf90-d5483c9571c5", + "policyDefinitionReferenceId": "[preview]:ConfigureWindowsVmssToBeAssociatedWithADataCollectionRuleForChangetrackingAndInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "dcrResourceId": { + "value": "[parameters('dcrResourceId')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/952a545c-6dc5-4999-aeb6-51ed27dc7ea5", + "policyDefinitionReferenceId": "MicrosoftManagedControl1854-InventoryOfPersonallyIdentifiableInformation", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7acfae7-9497-4a3f-a3b5-a16a50abbe2f", + "policyDefinitionReferenceId": "[preview]:ConfigureWindowsArc-enabledMachinesToInstallAmaForChangetrackingAndInventory", + "parameters": { + "effect": { + "value": 
"[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ad1eeff9-20d7-4c82-a04e-903acab0bfc1", + "policyDefinitionReferenceId": "[preview]:ConfigureWindowsVmsToInstallAmaForChangetrackingAndInventoryWithUser-assignedManagedIdentity", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "bringYourOwnUserAssignedManagedIdentity": { + "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]" + }, + "userAssignedManagedIdentityName": { + "value": "[parameters('userAssignedManagedIdentityName')]" + }, + "userAssignedManagedIdentityResourceGroup": { + "value": "[parameters('userAssignedManagedIdentityResourceGroup')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6faa975-0add-4f35-8d1c-70bba45c4424", + "policyDefinitionReferenceId": "[preview]:ConfigureWindowsVirtualMachinesToBeAssociatedWithADataCollectionRuleForChangetrackingAndInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "dcrResourceId": { + "value": "[parameters('dcrResourceId')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/b73e81f3-6303-48ad-9822-b69fc00c15ef", + "policyDefinitionReferenceId": "[preview]:ConfigureLinuxVmssToInstallAmaForChangetrackingAndInventoryWithUser-assignedManagedIdentity", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "bringYourOwnUserAssignedManagedIdentity": { + "value": "[parameters('bringYourOwnUserAssignedManagedIdentity')]" + }, + "userAssignedManagedIdentityName": { + "value": "[parameters('userAssignedManagedIdentityName')]" + }, + "userAssignedManagedIdentityResourceGroup": { + "value": "[parameters('userAssignedManagedIdentityResourceGroup')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bef2d677-e829-492d-9a3d-f5a20fda818f", + "policyDefinitionReferenceId": "[preview]:ConfigureLinuxVirtualMachinesToBeAssociatedWithADataCollectionRuleForChangetrackingAndInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "dcrResourceId": { + "value": "[parameters('dcrResourceId')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c158eb1c-ae7e-4081-8057-d527140c4e0c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1226-InformationSystemComponentInventory|AutomatedUnauthorizedComponentDetection", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/ef9fe2ce-a588-4edd-829c-6247069dcfdb", + "policyDefinitionReferenceId": "[preview]:ConfigureWindowsArc-enabledMachinesToBeAssociatedWithADataCollectionRuleForChangetrackingAndInventory", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "dcrResourceId": { + "value": "[parameters('dcrResourceId')]" + }, + "listOfApplicableLocations": { + "value": "[parameters('listOfApplicableLocations')]" + } + }, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fb39e62f-6bda-4558-8088-ec03d5670914", + "policyDefinitionReferenceId": "MicrosoftManagedControl1222-InformationSystemComponentInventory", + "parameters": {}, + "groupNames": [ + "op.exp.1 Asset inventory" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0004bbf0-5099-4179-869e-e9ffe5fb0945", + "policyDefinitionReferenceId": "MicrosoftManagedControl1599-DeveloperConfigurationManagement|Software/FirmwareIntegrityVerification", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/042ba2a1-8bb8-45f4-b080-c78cf62b90e9", + "policyDefinitionReferenceId": "MicrosoftManagedControl1594-DeveloperConfigurationManagement", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11158848-f679-4e9b-aa7b-9fb07d945071", + "policyDefinitionReferenceId": "MicrosoftManagedControl1230-ConfigurationManagementPlan", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e0414e7-6ef5-4182-8076-aa82fbb53341", + "policyDefinitionReferenceId": "MicrosoftManagedControl1595-DeveloperConfigurationManagement", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21e25e01-0ae0-41be-919e-04ce92b8e8b8", + "policyDefinitionReferenceId": "MicrosoftManagedControl1596-DeveloperConfigurationManagement", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/244e0c05-cc45-4fe7-bf36-42dcf01f457d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1231-ConfigurationManagementPlan", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/396ba986-eac1-4d6d-85c4-d3fda6b78272", + "policyDefinitionReferenceId": "MicrosoftManagedControl1232-ConfigurationManagementPlan", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/42a9a714-8fbb-43ac-b115-ea12d2bd652f", + "policyDefinitionReferenceId": "MicrosoftManagedControl1174-ConfigurationManagementPolicyAndProcedures", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/68b250ec-2e4f-4eee-898a-117a9fda7016", + "policyDefinitionReferenceId": "MicrosoftManagedControl1597-DeveloperConfigurationManagement", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dab4254-c30d-4bb7-ae99-1d21586c063c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1175-ConfigurationManagementPolicyAndProcedures", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/9d79001f-95fe-45d0-8736-f217e78c1f57", + "policyDefinitionReferenceId": "MicrosoftManagedControl1233-ConfigurationManagementPlan", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae7e1f5e-2d63-4b38-91ef-bce14151cce3", + "policyDefinitionReferenceId": "MicrosoftManagedControl1598-DeveloperConfigurationManagement", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b8dad106-6444-5f55-307e-1e1cc9723e39", + "policyDefinitionReferenceId": "EnsureCryptographicMechanismsAreUnderConfigurationManagement", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.10 Cryptographic key protection", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0049a6b3-a662-4f3e-8635-39cf44ace45a", + "policyDefinitionReferenceId": "VulnerabilityAssessmentShouldBeEnabledOnYourSynapseWorkspaces", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 
Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/090c7b07-b4ed-4561-ad20-e9075f3ccaff", + "policyDefinitionReferenceId": "AzureRegistryContainerImagesShouldHaveVulnerabilitiesResolved(poweredByMicrosoftDefenderVulnerabilityManagement)", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.6 Protection against harmful code", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13ce0167-8ca6-4048-8e6b-f996402e3c1b", + "policyDefinitionReferenceId": "ConfigureMachinesToReceiveAVulnerabilityAssessmentProvider", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "vaType": { + "value": "[parameters('vaType')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.6 Protection against harmful code", + "op.mon.3 Monitoring" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17f4b1cc-c55c-4d94-b1f9-2978f6ac2957", + "policyDefinitionReferenceId": "AzureRunningContainerImagesShouldHaveVulnerabilitiesResolved(poweredByMicrosoftDefenderVulnerabilityManagement)", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + 
"op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.6 Protection against harmful code", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b7aa243-30e4-4c9e-bca8-d0d3022b634a", + "policyDefinitionReferenceId": "VulnerabilityAssessmentShouldBeEnabledOnSqlManagedInstance", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9", + "policyDefinitionReferenceId": "AVulnerabilityAssessmentSolutionShouldBeEnabledOnYourVirtualMachines", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b802722-71dd-a13d-2e7e-231e09589efb", + "policyDefinitionReferenceId": "ImplementPrivilegedAccessForExecutingVulnerabilityScanningActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change 
management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6ba6d016-e7c3-4842-b8f2-4992ebc0d72d", + "policyDefinitionReferenceId": "SqlServersOnMachinesShouldHaveVulnerabilityFindingsResolved", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/766e621d-ba95-4e43-a6f2-e945db3d7888", + "policyDefinitionReferenceId": "SetupSubscriptionsToTransitionToAnAlternativeVulnerabilityAssessmentSolution", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "selectedProvider": { + "value": "[parameters('selectedProvider')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.6 Protection against harmful code", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca", + "policyDefinitionReferenceId": "MicrosoftManagedControl1606-DeveloperSecurityTestingAndEvaluation|ThreatAndVulnerabilityAnalyses", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/e3905a3c-97e7-0b4f-15fb-465c0927536f", + "policyDefinitionReferenceId": "CorrelateVulnerabilityScanInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9", + "policyDefinitionReferenceId": "VulnerabilityAssessmentShouldBeEnabledOnYourSqlServers", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/feedbf84-6b99-488c-acc2-71c829aa5ffc", + "policyDefinitionReferenceId": "SqlDatabasesShouldHaveVulnerabilityFindingsResolved", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management", + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.mon.3 Monitoring", + "mp.eq.4 Other devices connected to the network", + "mp.com.3 Protection of integrity and authenticity", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12a4a4dd-6c65-4900-9d7e-63fed5da791e", + 
"policyDefinitionReferenceId": "MicrosoftManagedControl1834-DataRetentionAndDisposal", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/56a838e0-0a5d-49a8-ab74-bf6be81b32f5", + "policyDefinitionReferenceId": "MicrosoftManagedControl1835-DataRetentionAndDisposal", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5bef3414-50bc-4fc0-b3db-372bb8fe0796", + "policyDefinitionReferenceId": "MicrosoftManagedControl1836-DataRetentionAndDisposal", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d7d66d05-bf34-4555-b5f2-8b749def4098", + "policyDefinitionReferenceId": "MicrosoftManagedControl1837-DataRetentionAndDisposal|SystemConfiguration", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08c11b48-8745-034d-1c1b-a144feec73b9", + "policyDefinitionReferenceId": "RestrictUseOfOpenSourceSoftware", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0be51298-f643-4556-88af-d7db90794879", + 
"policyDefinitionReferenceId": "MicrosoftManagedControl1239-User-installedSoftware", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0d87c70b-5012-48e9-994b-e70dd4b8def0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1713-Software&InformationIntegrity|IntegrityChecks", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0dced7ab-9ce5-4137-93aa-14c13e06ab17", + "policyDefinitionReferenceId": "MicrosoftManagedControl1718-Software&InformationIntegrity|BinaryOrMachineExecutableCode", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/129eb39f-d79a-4503-84cd-92f036b5e429", + "policyDefinitionReferenceId": "MicrosoftManagedControl1240-User-installedSoftware", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22589a07-0007-486a-86ca-95355081ae2a", + "policyDefinitionReferenceId": "MicrosoftManagedControl1221-LeastFunctionality|AuthorizedSoftware/Whitelisting", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a39ac75-622b-4c88-9a3f-45b7373f7ef7", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1219-LeastFunctionality|AuthorizedSoftware/Whitelisting", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44e543aa-41db-42aa-98eb-8a5eb1db53f0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1712-Software&InformationIntegrity", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ee5975d-2507-5530-a20a-83a725889c6f", + "policyDefinitionReferenceId": "RestrictUnauthorizedSoftwareAndFirmwareInstallation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/68d2e478-3b19-23eb-1357-31b296547457", + "policyDefinitionReferenceId": "EnforceSoftwareExecutionPrivileges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef", + "policyDefinitionReferenceId": "MicrosoftManagedControl1717-Software&InformationIntegrity|BinaryOrMachineExecutableCode", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9ba3ed84-c768-4e18-b87c-34ef1aff1b57", + "policyDefinitionReferenceId": "MicrosoftManagedControl1236-SoftwareUsageRestrictions", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1", + "policyDefinitionReferenceId": "MicrosoftManagedControl1238-User-installedSoftware", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b293f881-361c-47ed-b997-bc4e2296bc0b", + "policyDefinitionReferenceId": "MicrosoftManagedControl1234-SoftwareUsageRestrictions", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c40f31a7-81e1-4130-99e5-a02ceea2a1d6", + "policyDefinitionReferenceId": "MicrosoftManagedControl1220-LeastFunctionality|AuthorizedSoftware/Whitelisting", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c49c610b-ece4-44b3-988c-2172b70d6e46", + "policyDefinitionReferenceId": "MicrosoftManagedControl1235-SoftwareUsageRestrictions", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/db28735f-518f-870e-15b4-49623cbe3aa0", + "policyDefinitionReferenceId": "VerifySoftware,FirmwareAndInformationIntegrity", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dd469ae0-71a8-4adc-aafc-de6949ca3339", + "policyDefinitionReferenceId": "MicrosoftManagedControl1715-Software&InformationIntegrity|AutomatedResponseToIntegrityViolations", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e12494fa-b81e-4080-af71-7dbacc2da0ec", + "policyDefinitionReferenceId": "MicrosoftManagedControl1714-Software&InformationIntegrity|AutomatedNotificationsOfIntegrityViolations", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e54c325e-42a0-4dcf-b105-046e0f6f590f", + "policyDefinitionReferenceId": "MicrosoftManagedControl1716-Software&InformationIntegrity|IntegrationOfDetectionAndResponse", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e80b6812-0bfa-4383-8223-cdd86a46a890", + "policyDefinitionReferenceId": "MicrosoftManagedControl1237-SoftwareUsageRestrictions|OpenSourceSoftware", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security 
configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eca4d7b2-65e2-4e04-95d4-c68606b063c3", + "policyDefinitionReferenceId": "MicrosoftManagedControl1241-User-installedSoftware|AlertsForUnauthorizedInstallations", + "parameters": {}, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f110a506-2dcb-422e-bcea-d533fc8c35e2", + "policyDefinitionReferenceId": "AzureMachineLearningComputeInstancesShouldBeRecreatedToGetTheLatestSoftwareUpdates", + "parameters": { + "effects": { + "value": "[parameters('effects')]" + } + }, + "groupNames": [ + "op.exp.2 Security configuration", + "op.exp.3 Security configuration management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/013e242c-8828-4970-87b3-ab247555486d", + "policyDefinitionReferenceId": "AzureBackupShouldBeEnabledForVirtualMachines", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.info.6 Backups" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/05938e10-cdbd-4a54-9b2b-1cbcfc141ad0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1132-ProtectionOfAuditInformation|AuditBackupOnSeparatePhysicalSystems/Components", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/09ce66bc-1220-4153-8104-e3f51c936913", + "policyDefinitionReferenceId": "ConfigureBackupOnVirtualMachinesWithoutAGivenTagToAnExistingRecoveryServicesVaultInTheSameLocation", + "parameters": { + "vaultLocation": { + "value": "[parameters('vaultLocation')]" + }, + "backupPolicyId": { + "value": "[parameters('backupPolicyId')]" + }, + "exclusionTagName": { + "value": "[parameters('exclusionTagName')]" + }, + "exclusionTagValue": { + "value": "[parameters('exclusionTagValue')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingOrExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.4 Alternative means", + "mp.info.6 Backups" + ], + "definitionVersion": "9.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a412110-3874-9f22-187a-c7a81c8a6704", + "policyDefinitionReferenceId": "EstablishAlternateStorageSiteToStoreAndRetrieveBackupInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.if.1 Separate areas with access control", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0ec47710-77ff-4a3d-9181-6aa50af424d0", + "policyDefinitionReferenceId": "Geo-redundantBackupShouldBeEnabledForAzureDatabaseForMariadb", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 
Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/345fa903-145c-4fe1-8bcd-93ec2adccde8", + "policyDefinitionReferenceId": "ConfigureBackupOnVirtualMachinesWithAGivenTagToAnExistingRecoveryServicesVaultInTheSameLocation", + "parameters": { + "vaultLocation": { + "value": "[parameters('vaultLocation')]" + }, + "inclusionTagName": { + "value": "[parameters('inclusionTagName')]" + }, + "inclusionTagValue": { + "value": "[parameters('inclusionTagValue')]" + }, + "backupPolicyId": { + "value": "[parameters('backupPolicyId')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingOrExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "9.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/48af4db5-9b8b-401c-8e74-076be876a430", + "policyDefinitionReferenceId": "Geo-redundantBackupShouldBeEnabledForAzureDatabaseForPostgresql", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/49dbe627-2c1e-438c-979e-dd7a39bbf81d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1294-InformationSystemBackup|TransferToAlternateStorageSite", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], 
+ "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912", + "policyDefinitionReferenceId": "MicrosoftManagedControl1291-InformationSystemBackup|TestingForReliability/Integrity", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a724864-956a-496c-b778-637cb1d762cf", + "policyDefinitionReferenceId": "MicrosoftManagedControl1289-InformationSystemBackup", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7bdb79ea-16b8-453e-4ca4-ad5b16012414", + "policyDefinitionReferenceId": "TransferBackupInformationToAnAlternateStorageSite", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/819dc6da-289d-476e-8500-7e341ef8677d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1287-InformationSystemBackup", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + 
}, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82339799-d096-41ae-8538-b108becf0970", + "policyDefinitionReferenceId": "Geo-redundantBackupShouldBeEnabledForAzureDatabaseForMysql", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83644c87-93dd-49fe-bf9f-6aff8fd0834e", + "policyDefinitionReferenceId": "ConfigureBackupOnVirtualMachinesWithAGivenTagToANewRecoveryServicesVaultWithADefaultPolicy", + "parameters": { + "inclusionTagName": { + "value": "[parameters('inclusionTagName')]" + }, + "inclusionTagValue": { + "value": "[parameters('inclusionTagValue')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingOrExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.4 Alternative means", + "mp.info.6 Backups" + ], + "definitionVersion": "9.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/87f7cd82-2e45-4d0f-9e2f-586b0962d142", + "policyDefinitionReferenceId": "MicrosoftManagedControl1293-InformationSystemBackup|SeparateStorageForCriticalInformation", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f", + "policyDefinitionReferenceId": "MicrosoftManagedControl1288-InformationSystemBackup", + "parameters": {}, + "groupNames": [ + 
"op.exp.3 Security configuration management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/92f85ce9-17b7-49ea-85ee-ea7271ea6b82", + "policyDefinitionReferenceId": "MicrosoftManagedControl1290-InformationSystemBackup", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a9934fd7-29f2-4e6d-ab3d-607ea38e9079", + "policyDefinitionReferenceId": "SqlManagedInstancesShouldAvoidUsingGrsBackupRedundancy", + "parameters": { + "effect": { + "value": "[parameters('effect-DenyResourceRequestByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13", + "policyDefinitionReferenceId": "SqlDatabaseShouldAvoidUsingGrsBackupRedundancy", + "parameters": { + "effect": { + "value": "[parameters('effect-DenyResourceRequestByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d03516cf-0293-489f-9b32-a18f2a79f836", + "policyDefinitionReferenceId": "MicrosoftManagedControl1292-InformationSystemBackup|TestRestorationUsingSampling", + "parameters": {}, + "groupNames": [ + "op.exp.3 Security configuration management", + 
"op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570", + "policyDefinitionReferenceId": "Long-termGeo-redundantBackupShouldBeEnabledForAzureSqlDatabases", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc26e2fd-3149-74b4-5988-d64bb90f8ef7", + "policyDefinitionReferenceId": "SeparatelyStoreBackupInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.3 Security configuration management", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1fb1cb0e-1936-6f32-42fd-89970b535855", + "policyDefinitionReferenceId": "ManageNonlocalMaintenanceAndDiagnosticActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "op.exp.6 Protection against harmful code", + "mp.eq.2 User session lockout", + "mp.si.3 Custody", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74041cfe-3f87-1d17-79ec-34ca5f895542", + "policyDefinitionReferenceId": 
"ProduceCompleteRecordsOfRemoteMaintenanceActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6ad009f-5c24-1dc0-a25e-74b60e4da45f", + "policyDefinitionReferenceId": "ControlMaintenanceAndRepairActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates", + "op.exp.6 Protection against harmful code", + "mp.si.3 Custody", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b8587fce-138f-86e8-33a3-c60768bf1da6", + "policyDefinitionReferenceId": "AutomateRemoteMaintenanceActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb598832-4bcc-658d-4381-3ecbe17b9866", + "policyDefinitionReferenceId": "ProvideTimelyMaintenanceSupport", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/05ec66a2-137c-14b8-8e75-3d7a2bef07f8", + "policyDefinitionReferenceId": "ImplementPhysicalSecurityForOffices,WorkingAreas,AndSecureAreas", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.4 Electrical energy", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 Recording of entries and exits of equipment", + "mp.eq.1 Clear desk", + "mp.eq.2 User session lockout", + "mp.si.4 Transport" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa0ddd99-43eb-302d-3f8f-42b499182960", + "policyDefinitionReferenceId": "InstallAnAlarmSystem", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates", + "op.exp.5 Change management", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.2 User session lockout" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7008174a-fd10-4ef0-817e-fc820a951d73", + "policyDefinitionReferenceId": "AppServiceAppsThatUsePythonShouldUseASpecified'pythonVersion'", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "WindowsPythonLatestVersion": { + "value": "[parameters('WindowsPythonLatestVersion')]" + }, + "LinuxPythonLatestVersion": { + "value": "[parameters('LinuxPythonLatestVersion')]" + }, + "LinuxPythonVersion": { + "value": "[parameters('LinuxPythonVersion')]" + } + }, + "groupNames": [ + "op.exp.4 Security maintenance and updates" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/1cb7bf71-841c-4741-438a-67c65fdd7194", + "policyDefinitionReferenceId": "ProvideSecurityTrainingForNewUsers", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4a6f5cbd-6c6b-006f-2bb1-091af1441bce", + "policyDefinitionReferenceId": "ReviewMalwareDetectionsReportWeekly", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/516be556-1353-080d-2c2f-f46f000d5785", + "policyDefinitionReferenceId": "ProvidePeriodicSecurityAwarenessTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/63f63e71-6c3f-9add-4c43-64de23e554a7", + "policyDefinitionReferenceId": "ManageGateways", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + 
"groupNames": [ + "op.exp.6 Protection against harmful code", + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65", + "policyDefinitionReferenceId": "UpdateAntivirusDefinitions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fad161f5-5261-401a-22dd-e037bae011bd", + "policyDefinitionReferenceId": "ReviewThreatProtectionStatusWeekly", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/04754ef9-9ae3-4477-bf17-86ef50026304", + "policyDefinitionReferenceId": "ConfigureSqlVirtualMachinesToAutomaticallyInstallMicrosoftDefenderForSqlAndDcrWithAUser-definedLaWorkspace", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "userWorkspaceResourceId": { + "value": "[parameters('userWorkspaceResourceId')]" + }, + "workspaceRegion": { + "value": "[parameters('workspaceRegion')]" + }, + "userWorkspaceId": { + "value": "[parameters('userWorkspaceId')]" + }, + "enableCollectionOfSqlQueriesForSecurityResearch": { + "value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a9fbe0d-c5c4-4da8-87d8-f4fd77338835", + 
"policyDefinitionReferenceId": "AzureDefenderForOpen-sourceRelationalDatabasesShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e6763cc-5078-4e64-889d-ff4d9a839047", + "policyDefinitionReferenceId": "AzureDefenderForKeyVaultShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17bc14a7-92e1-4551-8b8c-80f36953e166", + "policyDefinitionReferenceId": "ConfigureBasicMicrosoftDefenderForStorageToBeEnabled(activityMonitoringOnly)", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c988dd6-ade4-430f-a608-2a3e5b0a6d38", + "policyDefinitionReferenceId": "MicrosoftDefenderForContainersShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7", + "policyDefinitionReferenceId": "ConfigureMicrosoftDefenderForKeyVaultPlan", + "parameters": { + "effect": { + "value": 
"[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2227e1f1-23dd-4c3a-85a9-7024a401d8b2", + "policyDefinitionReferenceId": "ConfigureArc-enabledSqlServersWithDataCollectionRuleAssociationToMicrosoftDefenderForSqlUser-definedDcr", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "workspaceRegion": { + "value": "[parameters('workspaceRegion')]" + }, + "userWorkspaceId": { + "value": "[parameters('userWorkspaceId')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/242300d6-1bfc-4d64-8d01-cee583709ebd", + "policyDefinitionReferenceId": "ConfigureTheMicrosoftDefenderForSqlLogAnalyticsWorkspace", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb", + "policyDefinitionReferenceId": "AzureDefenderForAppServiceShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/361c2074-3595-4e5d-8cab-4f21dffc835c", + "policyDefinitionReferenceId": "DeployDefenderForStorage(classic)OnStorageAccounts", + 
"parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3810e389-1d92-4f77-9267-33bdcf0bd225", + "policyDefinitionReferenceId": "WindowsMachinesShouldScheduleWindowsDefenderToPerformAScheduledScanEveryDay", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInUpperCase')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a", + "policyDefinitionReferenceId": "ConfigureAzureDefenderForOpen-sourceRelationalDatabasesToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4da35fc9-c9e7-4960-aec9-797fe7d9051d", + "policyDefinitionReferenceId": "AzureDefenderForServersShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3", + "policyDefinitionReferenceId": "ConfigureAzureDefenderForSqlServersOnMachinesToBeEnabled", + "parameters": { + "effect": { + "value": 
"[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/63d03cbd-47fd-4ee1-8a1c-9ddf07303de0", + "policyDefinitionReferenceId": "ConfigureArc-enabledSqlServersToAutomaticallyInstallMicrosoftDefenderForSqlAndDcrWithAUser-definedLaWorkspace", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "userWorkspaceResourceId": { + "value": "[parameters('userWorkspaceResourceId')]" + }, + "workspaceRegion": { + "value": "[parameters('workspaceRegion')]" + }, + "userWorkspaceId": { + "value": "[parameters('userWorkspaceId')]" + }, + "enableCollectionOfSqlQueriesForSecurityResearch": { + "value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4", + "policyDefinitionReferenceId": "MicrosoftDefenderForStorageShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/64def556-fbad-4622-930e-72d1d5589bf5", + "policyDefinitionReferenceId": "ConfigureAzureKubernetesServiceClustersToEnableDefenderProfile", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "logAnalyticsWorkspaceResourceId": { + "value": "[parameters('logAnalyticsWorkspaceResourceId')]" + } + }, + 
"groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/65503269-6a54-4553-8a28-0065a8e6d929", + "policyDefinitionReferenceId": "ConfigureArc-enabledSqlServersToAutomaticallyInstallMicrosoftDefenderForSql", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b", + "policyDefinitionReferenceId": "AzureDefenderForSqlServersOnMachinesShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3", + "policyDefinitionReferenceId": "ConfigureMicrosoftDefenderForStorage(classic)ToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7926a6d1-b268-4586-8197-e8ae90c877d7", + "policyDefinitionReferenceId": "MicrosoftDefenderForApisShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/7fe3b40f-802b-4cdd-8bd4-fd799c948cc2", + "policyDefinitionReferenceId": "AzureDefenderForAzureSqlDatabaseServersShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82bf5b87-728b-4a74-ba4d-6123845cf542", + "policyDefinitionReferenceId": "ConfigureMicrosoftDefenderForAzureCosmosDbToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222", + "policyDefinitionReferenceId": "ConfigureAzureDefenderForServersToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/938c4981-c2c9-4168-9cd6-972b8675f906", + "policyDefinitionReferenceId": "MicrosoftDefenderForSqlStatusShouldBeProtectedForArc-enabledSqlServers", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/951c1558-50a5-4ca3-abb6-a93e3e2367a6", + "policyDefinitionReferenceId": 
"ConfigureMicrosoftDefenderForSqlToBeEnabledOnSynapseWorkspaces", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a1840de2-8088-4ea8-b153-b4c723e9cb01", + "policyDefinitionReferenceId": "AzureKubernetesServiceClustersShouldHaveDefenderProfileEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9", + "policyDefinitionReferenceId": "AzureDefenderForSqlShouldBeEnabledForUnprotectedAzureSqlServers", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9", + "policyDefinitionReferenceId": "AzureDefenderForSqlShouldBeEnabledForUnprotectedSqlManagedInstances", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac076320-ddcf-4066-b451-6154267e8ad2", + "policyDefinitionReferenceId": "EnableMicrosoftDefenderForCloudOnYourSubscription", + "parameters": {}, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": 
"1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/adbe85b5-83e6-4350-ab58-bf3a4f736e5e", + "policyDefinitionReferenceId": "MicrosoftDefenderForAzureCosmosDbShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af9f6c70-eb74-4189-8d15-e4f11a7ebfd4", + "policyDefinitionReferenceId": "DeployExportToEventHubAsATrustedServiceForMicrosoftDefenderForCloudData", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "resourceGroupName": { + "value": "[parameters('resourceGroupName')]" + }, + "resourceGroupLocation": { + "value": "[parameters('resourceGroupLocation')]" + }, + "createResourceGroup": { + "value": "[parameters('createResourceGroup')]" + }, + "exportedDataTypes": { + "value": "[parameters('exportedDataTypes')]" + }, + "recommendationNames": { + "value": "[parameters('recommendationNames')]" + }, + "recommendationSeverities": { + "value": "[parameters('recommendationSeverities')]" + }, + "isSecurityFindingsEnabled": { + "value": "[parameters('isSecurityFindingsEnabled')]" + }, + "secureScoreControlsNames": { + "value": "[parameters('secureScoreControlsNames')]" + }, + "alertSeverities": { + "value": "[parameters('alertSeverities')]" + }, + "regulatoryComplianceStandardsNames": { + "value": "[parameters('regulatoryComplianceStandardsNames')]" + }, + "eventHubDetails": { + "value": "[parameters('eventHubDetails')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/b3248a42-b1c1-41a4-87bc-8bad3d845589", + "policyDefinitionReferenceId": "WindowsMachinesShouldEnableWindowsDefenderReal-timeProtection", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInUpperCase')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d", + "policyDefinitionReferenceId": "ConfigureAzureDefenderForAppServiceToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9", + "policyDefinitionReferenceId": "ConfigureAzureDefenderForResourceManagerToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491", + "policyDefinitionReferenceId": "ConfigureAzureDefenderForAzureSqlDatabaseToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40", + "policyDefinitionReferenceId": "WindowsDefenderExploitGuardShouldBeEnabledOnYourMachines", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "NotAvailableMachineState": { + "value": "[parameters('NotAvailableMachineState')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99", + "policyDefinitionReferenceId": "AzureDefenderForResourceManagerShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd", + "policyDefinitionReferenceId": "ConfigureAzureDefenderToBeEnabledOnSqlManagedInstances", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c859b78a-a128-4376-a838-e97ce6625d16", + "policyDefinitionReferenceId": "ConfigureSqlVirtualMachinesToAutomaticallyInstallMicrosoftDefenderForSqlAndDcrWithALogAnalyticsWorkspace", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + 
"enableCollectionOfSqlQueriesForSecurityResearch": { + "value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f", + "policyDefinitionReferenceId": "ConfigureMicrosoftDefenderForContainersToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cbdd12e1-193a-445c-9926-560118c6daaa", + "policyDefinitionReferenceId": "ConfigureArc-enabledSqlServersWithDataCollectionRuleAssociationToMicrosoftDefenderForSqlDcr", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cfdc5972-75b3-4418-8ae1-7f5c36839390", + "policyDefinitionReferenceId": "ConfigureMicrosoftDefenderForStorageToBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "isOnUploadMalwareScanningEnabled": { + "value": "[parameters('isOnUploadMalwareScanningEnabled')]" + }, + "isSensitiveDataDiscoveryEnabled": { + "value": "[parameters('isSensitiveDataDiscoveryEnabled')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d31e5c31-63b2-4f12-887b-e49456834fa1", + 
"policyDefinitionReferenceId": "MicrosoftDefenderForSqlShouldBeEnabledForUnprotectedSynapseWorkspaces", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d96163de-dbe0-45ac-b803-0e9ca0f5764e", + "policyDefinitionReferenceId": "WindowsMachinesShouldConfigureWindowsDefenderToUpdateProtectionSignaturesWithinOneDay", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInUpperCase')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da0fd392-9669-4ad4-b32c-ca46aaa6c21f", + "policyDefinitionReferenceId": "ConfigureArc-enabledSqlServersToAutomaticallyInstallMicrosoftDefenderForSqlAndDcrWithALogAnalyticsWorkspace", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "enableCollectionOfSqlQueriesForSecurityResearch": { + "value": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce", + "policyDefinitionReferenceId": "ConfigureSqlVirtualMachinesToAutomaticallyInstallMicrosoftDefenderForSql", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + }, + "workspaceRegion": { + "value": 
"[parameters('workspaceRegion')]" + }, + "userWorkspaceId": { + "value": "[parameters('userWorkspaceId')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e378679-f122-4a96-a739-a7729c46e1aa", + "policyDefinitionReferenceId": "CloudServices(extendedSupport)RoleInstancesShouldHaveAnEndpointProtectionSolutionInstalled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code", + "op.nub.1 Cloud service protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8", + "policyDefinitionReferenceId": "EndpointProtectionShouldBeInstalledOnYourMachines", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", + "policyDefinitionReferenceId": "EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2", + "policyDefinitionReferenceId": "EndpointProtectionHealthIssuesShouldBeResolvedOnYourMachines", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + 
"groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", + "policyDefinitionReferenceId": "MonitorMissingEndpointProtectionInAzureSecurityCenter", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.6 Protection against harmful code" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", + "policyDefinitionReferenceId": "SubscriptionsShouldHaveAContactEmailAddressForSecurityIssues", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/56fb5173-3865-5a5d-5fad-ae33e53e1577", + "policyDefinitionReferenceId": "AddressInformationSecurityIssues", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/febd0533-8e55-448f-b837-bd0e06f16469", + "policyDefinitionReferenceId": "KubernetesClusterContainersShouldOnlyUseAllowedImages", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + }, + "excludedNamespaces": { + "value": "[parameters('excludedNamespaces')]" + }, + "namespaces": { + "value": "[parameters('namespaces')]" + }, + "labelSelector": { + "value": "[parameters('labelSelector')]" + }, + 
"allowedContainerImagesRegex": { + "value": "[parameters('allowedContainerImagesRegex')]" + }, + "excludedContainers": { + "value": "[parameters('excludedContainers')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "9.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b15565f-aa9e-48ba-8619-45960f2c314d", + "policyDefinitionReferenceId": "EmailNotificationToSubscriptionOwnerForHighSeverityAlertsShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899", + "policyDefinitionReferenceId": "EmailNotificationForHighSeverityAlertsShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/00379355-8932-4b52-b63a-3bc6daf3451a", + "policyDefinitionReferenceId": "MicrosoftManagedControl1375-IncidentResponseAssistance|AutomationSupportForAvailabilityOfInformation/Support", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/037c0089-6606-2dab-49ad-437005b5035f", + "policyDefinitionReferenceId": "IdentifyIncidentResponsePersonnel", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/03ed3be1-7276-4452-9a5d-e4168565ac67", + "policyDefinitionReferenceId": "MicrosoftManagedControl1361-IncidentHandling", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/05a32666-d134-4842-a8cb-5c299f4bc099", + "policyDefinitionReferenceId": "MicrosoftManagedControl1728-IncidentHandling", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06c45c30-ae44-4f0f-82be-41331da911cc", + "policyDefinitionReferenceId": "MicrosoftManagedControl1366-IncidentHandling|InformationCorrelation", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/18cc35ed-a429-486d-8d59-cb47e87304ed", + "policyDefinitionReferenceId": "MicrosoftManagedControl1369-IncidentMonitoring", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/25b96717-c912-4c00-9143-4e487f411726", + "policyDefinitionReferenceId": "MicrosoftManagedControl1372-IncidentReporting", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2c7c575a-d4c5-4f6f-bd49-dee97a8cba55", + "policyDefinitionReferenceId": "MicrosoftManagedControl1388-InformationSpillageResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/2d5600ed-575a-4723-9ff4-52d694be0a59", + "policyDefinitionReferenceId": "MicrosoftManagedControl1856-PrivacyIncidentResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3545c827-26ee-282d-4629-23952a12008b", + "policyDefinitionReferenceId": "ConductIncidentResponseTesting", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3e495e65-8663-49ca-9b38-9f45e800bc58", + "policyDefinitionReferenceId": "MicrosoftManagedControl1385-InformationSpillageResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4116891d-72f7-46ee-911c-8056cc8dcbd5", + "policyDefinitionReferenceId": "MicrosoftManagedControl1365-IncidentHandling|ContinuityOfOperations", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/435b2547-6374-4f87-b42d-6e8dbe6ae62a", + "policyDefinitionReferenceId": "MicrosoftManagedControl1367-IncidentHandling|InsiderThreats-SpecificCapabilities", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/465f32da-0ace-4603-8d1b-7be5a3a702de", + "policyDefinitionReferenceId": "MicrosoftManagedControl1368-IncidentHandling|CorrelationWithExternalOrganizations", + "parameters": {}, + "groupNames": [ + 
"op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/47bc7ea0-7d13-4f7c-a154-b903f7194253", + "policyDefinitionReferenceId": "MicrosoftManagedControl1359-IncidentResponseTesting|CoordinationWithRelatedPlans", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/493a95f3-f2e3-47d0-af02-65e6d6decc2f", + "policyDefinitionReferenceId": "MicrosoftManagedControl1376-IncidentResponseAssistance|CoordinationWithExternalProviders", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c615c2a-dc83-4dda-8220-abce7b50c9bc", + "policyDefinitionReferenceId": "MicrosoftManagedControl1364-IncidentHandling|DynamicReconfiguration", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4cca950f-c3b7-492a-8e8f-ea39663c14f9", + "policyDefinitionReferenceId": "MicrosoftManagedControl1373-IncidentReporting|AutomatedReporting", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5120193e-91fd-4f9d-bc6d-194f94734065", + "policyDefinitionReferenceId": "MicrosoftManagedControl1386-InformationSpillageResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/518cb545-bfa8-43f8-a108-3b7d5037469a", + "policyDefinitionReferenceId": "MicrosoftManagedControl1352-IncidentResponsePolicyAndProcedures", + 
"parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5d169442-d6ef-439b-8dca-46c2c3248214", + "policyDefinitionReferenceId": "MicrosoftManagedControl1362-IncidentHandling", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/68434bd1-e14b-4031-9edb-a4adf5f84a67", + "policyDefinitionReferenceId": "MicrosoftManagedControl1377-IncidentResponseAssistance|CoordinationWithExternalProviders", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/731856d8-1598-4b75-92de-7d46235747c0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1393-InformationSpillageResponse|ExposureToUnauthorizedPersonnel", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/79fbc228-461c-4a45-9004-a865ca0728a7", + "policyDefinitionReferenceId": "MicrosoftManagedControl1384-InformationSpillageResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a214f7-d01a-484b-91a9-ed54470c9a6a", + "policyDefinitionReferenceId": "ResourceLogsInEventHubShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "5.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/841392b3-40da-4473-b328-4cde49db67b3", + "policyDefinitionReferenceId": "MicrosoftManagedControl1382-IncidentResponsePlan", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86dc819f-15e1-43f9-a271-41ae58d4cecc", + "policyDefinitionReferenceId": "MicrosoftManagedControl1392-InformationSpillageResponse|Post-spillOperations", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8829f8f5-e8be-441e-85c9-85b72a5d0ef3", + "policyDefinitionReferenceId": "MicrosoftManagedControl1356-IncidentResponseTraining|SimulatedEvents", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/89099bee-89e0-4b26-a5f4-165451757743", + "policyDefinitionReferenceId": "SqlServersWithAuditingToStorageAccountDestinationShouldBeConfiguredWith90DaysRetentionOrHigher", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90e01f69-3074-4de8-ade7-0fef3e7d83e0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1355-IncidentResponseTraining", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/91a78b24-f231-4a8a-8da9-02c35b2b6510", + "policyDefinitionReferenceId": "AppServiceAppsShouldHaveResourceLogsEnabled", + "parameters": { + 
"effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/924e1b2d-c502-478f-bfdb-a7e09a0d5c01", + "policyDefinitionReferenceId": "MicrosoftManagedControl1370-IncidentMonitoring|AutomatedTracking/DataCollection/Analysis", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9442dd2c-a07f-46cd-b55a-553b66ba47ca", + "policyDefinitionReferenceId": "MicrosoftManagedControl1379-IncidentResponsePlan", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9447f354-2c85-4700-93b3-ecdc6cb6a417", + "policyDefinitionReferenceId": "MicrosoftManagedControl1371-IncidentReporting", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97fceb70-6983-42d0-9331-18ad8253184d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1378-IncidentResponsePlan", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98e33927-8d7f-6d5f-44f5-2469b40b7215", + "policyDefinitionReferenceId": "ImplementIncidentHandlingCapability", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": 
"1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9fd92c17-163a-4511-bb96-bbb476449796", + "policyDefinitionReferenceId": "MicrosoftManagedControl1354-IncidentResponseTraining", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2a5b911-5617-447e-a49e-59dbe0e0434b", + "policyDefinitionReferenceId": "ResourceLogsInAzureKeyVaultManagedHsmShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afe0c3be-ba3b-4544-ba52-0c99672a8ad6", + "policyDefinitionReferenceId": "ResourceLogsInAzureMachineLearningWorkspacesShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4319b7e-ea8d-42ff-8a67-ccd462972827", + "policyDefinitionReferenceId": "MicrosoftManagedControl1380-IncidentResponsePlan", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4330a05-a843-4bc8-bf9a-cacce50c67f4", + "policyDefinitionReferenceId": "ResourceLogsInSearchServicesShouldBeEnabled", + "parameters": { + "effect": { + "value": 
"[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "5.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b470a37a-7a47-3792-34dd-7a793140702e", + "policyDefinitionReferenceId": "EstablishRelationshipBetweenIncidentResponseCapabilityAndExternalProviders", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcfb6683-05e5-4ce6-9723-c3fbe9896bdd", + "policyDefinitionReferenceId": "MicrosoftManagedControl1351-IncidentResponsePolicyAndProcedures", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/be5b05e7-0b82-4ebc-9eda-25e447b1a41e", + "policyDefinitionReferenceId": "MicrosoftManagedControl1360-IncidentHandling", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c39e6fda-ae70-4891-a739-be7bba6d1062", + "policyDefinitionReferenceId": "MicrosoftManagedControl1389-InformationSpillageResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3b65b63-09ec-4cb5-8028-7dd324d10eb0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1390-InformationSpillageResponse|ResponsiblePersonnel", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + 
], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c785ad59-f78f-44ad-9a7f-d1202318c748", + "policyDefinitionReferenceId": "MicrosoftManagedControl1353-IncidentResponseTraining", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cc5c8616-52ef-4e5e-8000-491634ed9249", + "policyDefinitionReferenceId": "MicrosoftManagedControl1374-IncidentResponseAssistance", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf820ca0-f99e-4f3e-84fb-66e913812d21", + "policyDefinitionReferenceId": "ResourceLogsInKeyVaultShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "5.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d4558451-e16a-4d2d-a066-fe12a6282bb9", + "policyDefinitionReferenceId": "MicrosoftManagedControl1383-IncidentResponsePlan", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dd6ac1a1-660e-4810-baa8-74e868e2ed47", + "policyDefinitionReferenceId": "MicrosoftManagedControl1391-InformationSpillageResponse|Training", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dd6d00a8-701a-5935-a22b-c7b9c0c698b2", + "policyDefinitionReferenceId": 
"IsolateSecuridSystems,SecurityIncidentManagementSystems", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e3007185-3857-43a9-8237-06ca94f1084c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1387-InformationSpillageResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e4213689-05e8-4241-9d4e-8dd1cdafd105", + "policyDefinitionReferenceId": "MicrosoftManagedControl1357-IncidentResponseTraining|AutomatedTrainingEnvironments", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e5368258-9684-4567-8126-269f34e65eab", + "policyDefinitionReferenceId": "MicrosoftManagedControl1381-IncidentResponsePlan", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea3e8156-89a1-45b1-8bd6-938abc79fdfd", + "policyDefinitionReferenceId": "MicrosoftManagedControl1363-IncidentHandling|AutomatedIncidentHandlingProcesses", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/effbaeef-5bf4-400d-895e-ef8cbc0e64c7", + "policyDefinitionReferenceId": "MicrosoftManagedControl1358-IncidentResponseTesting", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/fb845c34-808d-4c17-a0ce-85a530e9164b", + "policyDefinitionReferenceId": "MicrosoftManagedControl1857-PrivacyIncidentResponse", + "parameters": {}, + "groupNames": [ + "op.exp.7 Incident management" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11ac78e3-31bc-4f0c-8434-37ab963cea07", + "policyDefinitionReferenceId": "DependencyAgentShouldBeEnabledForListedVirtualMachineImages", + "parameters": { + "listOfImageIdToInclude_windows": { + "value": "[parameters('listOfImageIdToInclude_windows')]" + }, + "listOfImageIdToInclude_linux": { + "value": "[parameters('listOfImageIdToInclude_linux')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity", + "mp.info.4 Time stamps" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50", + "policyDefinitionReferenceId": "[preview]:LogAnalyticsExtensionShouldBeEnabledForListedVirtualMachineImages", + "parameters": { + "listOfImageIdToInclude_windows": { + "value": "[parameters('listOfImageIdToInclude_windows')]" + }, + "listOfImageIdToInclude_linux": { + "value": "[parameters('listOfImageIdToInclude_linux')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "2.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138", + "policyDefinitionReferenceId": "LogAnalyticsExtensionShouldBeEnabledInVirtualMachineScaleSetsForListedVirtualMachineImages", + "parameters": { + "listOfImageIdToInclude_windows": { + "value": 
"[parameters('listOfImageIdToInclude_windows')]" + }, + "listOfImageIdToInclude_linux": { + "value": "[parameters('listOfImageIdToInclude_linux')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/79c75b38-334b-1a69-65e0-a9d929a42f75", + "policyDefinitionReferenceId": "DocumentTheLegalBasisForProcessingPersonalInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7b28ba4f-0a87-46ac-62e1-46b7c09202a8", + "policyDefinitionReferenceId": "MonitorAccountActivity", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7f89b1eb-583c-429a-8828-af049802c1d9", + "policyDefinitionReferenceId": "AuditDiagnosticSettingForSelectedResourceTypes", + "parameters": { + "listOfResourceTypes": { + "value": "[parameters('listOfResourceTypesWithDiagnosticLogsEnabled')]" + }, + "logsEnabled": { + "value": "[parameters('logsEnabled-AllowedValuesMustBeBoolean')]" + }, + "metricsEnabled": { + "value": "[parameters('metricsEnabled-Boolean')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity", + "mp.info.4 Time stamps" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7fc1f0da-0050-19bb-3d75-81ae15940df6", + "policyDefinitionReferenceId": 
"ProvideMonitoringInformationAsNeeded", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8cd815bf-97e1-5144-0735-11f6ddb50a59", + "policyDefinitionReferenceId": "EnforceAndAuditAccessRestrictions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8eea8c14-4d93-63a3-0c82-000343ee5204", + "policyDefinitionReferenceId": "ConductAFullTextAnalysisOfLoggedPrivilegedCommands", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9622aaa9-5c49-40e2-5bf8-660b7cd23deb", + "policyDefinitionReferenceId": "AlertPersonnelOfInformationSpillage", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a3e98638-51d4-4e28-910a-60e98c1a756f", + "policyDefinitionReferenceId": "ConfigureAzureAuditCapabilities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9", + "policyDefinitionReferenceId": "AuditingOnSqlServerShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "setting": { + "value": "[parameters('setting')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a930f477-9dcb-2113-8aa7-45bb6fc90861", + "policyDefinitionReferenceId": "ReviewAndUpdateTheEventsDefinedInAu-02", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ad1d562b-a04b-15d3-6770-ed310b601cb5", + "policyDefinitionReferenceId": "PublishRulesAndRegulationsAccessingPrivacyActRecords", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51", + "policyDefinitionReferenceId": "PublishAccessProceduresInSorns", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e", + "policyDefinitionReferenceId": "ImplementMethodsForConsumerRequests", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c246d146-82b0-301f-32e7-1065dcd248b7", + "policyDefinitionReferenceId": "ReviewChangesForAnyUnauthorizedChanges", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d9af7f88-686a-5a8b-704b-eafdab278977", + "policyDefinitionReferenceId": "ObtainLegalOpinionForMonitoringSystemActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2dd799a-a932-4e9d-ac17-d473bc3c6c10", + "policyDefinitionReferenceId": "DependencyAgentShouldBeEnabledInVirtualMachineScaleSetsForListedVirtualMachineImages", + "parameters": { + "listOfImageIdToInclude_windows": { + "value": "[parameters('listOfImageIdToInclude_windows')]" + }, + "listOfImageIdToInclude_linux": { + "value": "[parameters('listOfImageIdToInclude_linux')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e4e1f896-8a93-1151-43c7-0ad23b081ee2", + "policyDefinitionReferenceId": "Authorize,Monitor,AndControlVoip", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1ee4c7eb-480a-0007-77ff-4ba370776266", + "policyDefinitionReferenceId": "UseSystemClocksForAuditRecords", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity", + "mp.info.4 Time stamps" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/214ea241-010d-8926-44cc-b90a96d52adc", + "policyDefinitionReferenceId": "CompileAuditRecordsIntoSystemWideAudit", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity", + "mp.info.4 Time stamps" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/245fc9df-fa96-4414-9a0b-3738c2f7341c", + "policyDefinitionReferenceId": "ResourceLogsInAzureKubernetesServiceShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/383856f8-de7f-44a2-81fc-e5135b5c2aa4", + "policyDefinitionReferenceId": "ResourceLogsInIotHubShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": 
"[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/428256e6-1fac-4f48-a757-df34c2b3336d", + "policyDefinitionReferenceId": "ResourceLogsInBatchAccountsShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "5.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/529ea018-6afc-4ed4-95bd-7c9ee47b00bc", + "policyDefinitionReferenceId": "SynapseWorkspacesWithSqlAuditingToStorageAccountDestinationShouldBeConfiguredWith90DaysRetentionOrHigher", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c95c74d9-38fe-4f0d-af86-0c7d626a315c", + "policyDefinitionReferenceId": "ResourceLogsInDataLakeAnalyticsShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "5.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d639b3af-a535-4bef-8dcf-15078cddf5e2", + "policyDefinitionReferenceId": "AppServiceAppSlotsShouldHaveResourceLogsEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + 
}, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d9f1f9a9-8795-49f9-9e7b-e11db14caeb2", + "policyDefinitionReferenceId": "AzureSignalrServiceShouldEnableDiagnosticLogs", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ee8a7be2-e9b5-47b9-9d37-d9b141ea78a4", + "policyDefinitionReferenceId": "AzureWebPubsubServiceShouldEnableDiagnosticLogs", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8d36e2f-389b-4ee4-898d-21aeb69a0f45", + "policyDefinitionReferenceId": "ResourceLogsInServiceBusShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": "[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "5.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9be5368-9bf5-4b84-9e0a-7850da98bb46", + "policyDefinitionReferenceId": "ResourceLogsInAzureStreamAnalyticsShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "requiredRetentionDays": { + "value": 
"[parameters('requiredRetentionDays')]" + } + }, + "groupNames": [ + "op.exp.8 Recording of the activity" + ], + "definitionVersion": "5.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7", + "policyDefinitionReferenceId": "DefineAPhysicalKeyManagementProcess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection", + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.if.7 Recording of entries and exits of equipment", + "mp.eq.1 Clear desk", + "mp.si.4 Transport" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a0ecd94-3699-5273-76a5-edb8499f655a", + "policyDefinitionReferenceId": "DetermineAssertionRequirements", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8d140e8b-76c7-77de-1d46-ed1b2e112444", + "policyDefinitionReferenceId": "RestrictAccessToPrivateKeys", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97d91b33-7050-237b-3e23-a77d57d84e13", + "policyDefinitionReferenceId": "IssuePublicKeyCertificates", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9c276cf3-596f-581a-7fbd-f5e46edaa0f4", + "policyDefinitionReferenceId": "ManageSymmetricCryptographicKeys", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d661e9eb-4e15-5ba1-6f02-cdc467db0d6c", + "policyDefinitionReferenceId": "DefineOrganizationalRequirementsForCryptographicKeyManagement", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0aa61e00-0a01-4a3c-9945-e93cffedf0e6", + "policyDefinitionReferenceId": "AzureContainerInstanceContainerGroupShouldUseCustomer-managedKeyForEncryption", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/10c3a1b1-29b0-a2d5-8f4c-a284b0f07830", + "policyDefinitionReferenceId": "ImplementCryptographicMechanisms", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/16c54e01-9e65-7524-7c33-beda48a75779", + "policyDefinitionReferenceId": "Produce,ControlAndDistributeSymmetricCryptographicKeys", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d8d492c-dd7a-46f7-a723-fa66a425b87c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1643-CryptographicKeyEstablishmentAndManagement", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25", + "policyDefinitionReferenceId": "StorageAccountsShouldUseCustomer-managedKeyForEncryption", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7c322315-e26d-4174-a99e-f49d351b4688", + "policyDefinitionReferenceId": "TableStorageShouldUseCustomer-managedKeyForEncryption", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90b60a09-133d-45bc-86ef-b206a6134bbe", + "policyDefinitionReferenceId": "MicrosoftManagedControl1133-ProtectionOfAuditInformation|CryptographicProtection", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + 
"definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2cdf6b8-9505-4619-b579-309ba72037ac", + "policyDefinitionReferenceId": "MicrosoftManagedControl1664-ProtectionOfInformationAtRest|CryptographicProtection", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7211477-c970-446b-b4af-062f37461147", + "policyDefinitionReferenceId": "MicrosoftManagedControl1644-CryptographicKeyEstablishmentAndManagement|Availability", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/afbd0baf-ff1a-4447-a86f-088a97347c0c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1645-CryptographicKeyEstablishmentAndManagement|SymmetricKeys", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6747bf9-2b97-45b8-b162-3c8becb9937d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1419-RemoteMaintenance|CryptographicProtection", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d39d4f68-7346-4133-8841-15318a714a24", + "policyDefinitionReferenceId": "MicrosoftManagedControl1641-TransmissionConfidentialityAndIntegrity|CryptographicOrAlternatePhysicalProtection", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e5abd0-2554-4736-b7c0-4ffef23475ef", + 
"policyDefinitionReferenceId": "QueueStorageShouldUseCustomer-managedKeyForEncryption", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f86aa129-7c07-4aa4-bbf5-792d93ffd9ea", + "policyDefinitionReferenceId": "MicrosoftManagedControl1345-CryptographicModuleAuthentication", + "parameters": {}, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0", + "policyDefinitionReferenceId": "KeyVaultKeysShouldHaveAnExpirationDate", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1d478a74-21ba-4b9f-9d8f-8e6fced0eec5", + "policyDefinitionReferenceId": "[preview]:AzureKeyVaultManagedHsmKeysShouldHaveAnExpirationDate", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/587c79fe-dd04-4a5e-9d0b-f89598c7261b", + "policyDefinitionReferenceId": "KeysShouldBeBackedByAHardwareSecurityModule(hsm)", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 
Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb", + "policyDefinitionReferenceId": "KeysShouldBeTheSpecifiedCryptographicTypeRsaOrEc", + "parameters": { + "allowedKeyTypes": { + "value": "[parameters('allowedKeyTypes')]" + }, + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.exp.10 Cryptographic key protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b73b7b3b-677c-4a2a-b949-ad4dc4acd89f", + "policyDefinitionReferenceId": "MicrosoftManagedControl1608-SupplyChainProtection", + "parameters": {}, + "groupNames": [ + "op.ext.3 Protection of supply chain" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/15fdbc87-8a47-4ee9-a2aa-9a2ea1f37554", + "policyDefinitionReferenceId": "LogAnalyticsAgentShouldBeInstalledOnYourCloudServices(extendedSupport)RoleInstances", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.nub.1 Cloud service protection" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4df26ba8-026d-45b0-9521-bffa44d741d2", + "policyDefinitionReferenceId": "CloudServices(extendedSupport)RoleInstancesShouldHaveSystemUpdatesInstalled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.nub.1 Cloud service protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a0c11ca4-5828-4384-a2f2-fd7444dd5b4d", + 
"policyDefinitionReferenceId": "CloudServices(extendedSupport)RoleInstancesShouldBeConfiguredSecurely", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.nub.1 Cloud service protection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/01f7726b-db54-45c2-bcb5-9bd7a43796ee", + "policyDefinitionReferenceId": "MicrosoftManagedControl1285-TelecommunicationsServices|ProviderContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0afce0b3-dd9f-42bb-af28-1e4284ba8311", + "policyDefinitionReferenceId": "MicrosoftManagedControl1253-ContingencyPlan|ResumeEssentialMissions/BusinessFunctions", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/19b9439d-865d-4474-b17d-97d2702fdb66", + "policyDefinitionReferenceId": "MicrosoftManagedControl1269-AlternateStorageSite|SeparationFromPrimarySite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/232ab24b-810b-4640-9019-74a7d0d6a980", + "policyDefinitionReferenceId": "MicrosoftManagedControl1256-ContingencyPlan|IdentifyCriticalAssets", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic 
tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/23f6e984-3053-4dfc-ab48-543b764781f5", + "policyDefinitionReferenceId": "MicrosoftManagedControl1268-AlternateStorageSite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2aee175f-cd16-4825-939a-a85349d96210", + "policyDefinitionReferenceId": "MicrosoftManagedControl1274-AlternateProcessingSite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34042a97-ec6d-4263-93d2-8c1c46823b2a", + "policyDefinitionReferenceId": "MicrosoftManagedControl1282-TelecommunicationsServices|SinglePointsOfFailure", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/398eb61e-8111-40d5-a0c9-003df28f1753", + "policyDefinitionReferenceId": "MicrosoftManagedControl1246-ContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3b4a3eb2-c25d-40bf-ad41-5094b6f59cee", + "policyDefinitionReferenceId": "MicrosoftManagedControl1266-ContingencyPlanTesting|AlternateProcessingSite", + "parameters": {}, + 
"groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/41472613-3b05-49f6-8fe8-525af113ce17", + "policyDefinitionReferenceId": "MicrosoftManagedControl1263-ContingencyPlanTesting", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/42254fc4-2738-4128-9613-72aaa4f0d9c3", + "policyDefinitionReferenceId": "MicrosoftManagedControl1260-ContingencyTraining|SimulatedEvents", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4e666db5-b2ef-4b06-aac6-09bfce49151b", + "policyDefinitionReferenceId": "MicrosoftManagedControl1247-ContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4e97ba1d-be5d-4953-8da4-0cccf28f4805", + "policyDefinitionReferenceId": "MicrosoftManagedControl1267-AlternateStorageSite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/50fc602d-d8e0-444b-a039-ad138ee5deb0", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1248-ContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/53c76a39-2097-408a-b237-b279f7b4614d", + "policyDefinitionReferenceId": "MicrosoftManagedControl1270-AlternateStorageSite|RecoveryTime/PointObjectives", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5d3abfea-a130-1208-29c0-e57de80aa6b0", + "policyDefinitionReferenceId": "ReviewTheResultsOfContingencyPlanTesting", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.if.4 Electrical energy" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e2b3730-8c14-4081-8893-19dbb5de7348", + "policyDefinitionReferenceId": "MicrosoftManagedControl1251-ContingencyPlan|CoordinateWithRelatedPlans", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/65aeceb5-a59c-4cb1-8d82-9c474be5d431", + "policyDefinitionReferenceId": "MicrosoftManagedControl1261-ContingencyPlanTesting", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", 
+ "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6a13a8f8-c163-4b1b-8554-d63569dab937", + "policyDefinitionReferenceId": "MicrosoftManagedControl1244-ContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/704e136a-4fe0-427c-b829-cd69957f5d2b", + "policyDefinitionReferenceId": "MicrosoftManagedControl1254-ContingencyPlan|ResumeAllMissions/BusinessFunctions", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7814506c-382c-4d33-a142-249dd4a0dbff", + "policyDefinitionReferenceId": "MicrosoftManagedControl1258-ContingencyTraining", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1279-TelecommunicationsServices", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/831e510e-db41-4c72-888e-a0621ab62265", + "policyDefinitionReferenceId": "MicrosoftManagedControl1262-ContingencyPlanTesting", + "parameters": {}, + "groupNames": [ + "op.cont.1 
Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8bfdbaa6-6824-3fec-9b06-7961bf7389a6", + "policyDefinitionReferenceId": "InitiateContingencyPlanTestingCorrectiveActions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.if.4 Electrical energy" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8dc459b3-0e77-45af-8d71-cfd8c9654fe2", + "policyDefinitionReferenceId": "MicrosoftManagedControl1281-TelecommunicationsServices|PriorityOfServiceProvisions", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8de614d8-a8b7-4f70-a62a-6d37089a002c", + "policyDefinitionReferenceId": "MicrosoftManagedControl1250-ContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e5ef485-9e16-4c53-a475-fbb8107eac59", + "policyDefinitionReferenceId": "MicrosoftManagedControl1278-AlternateProcessingSite|PreparationForUse", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/93fd8af1-c161-4bae-9ba9-f62731f76439", + "policyDefinitionReferenceId": "MicrosoftManagedControl1297-InformationSystemRecoveryAndReconstitution|RestoreWithinTimePeriod", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/942b3e97-6ae3-410e-a794-c9c999b97c0b", + "policyDefinitionReferenceId": "MicrosoftManagedControl1284-TelecommunicationsServices|ProviderContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9c954fcf-6dd8-81f1-41b5-832ae5c62caf", + "policyDefinitionReferenceId": "IncorporateSimulatedContingencyTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9d9e18f7-bad9-4d30-8806-a0c9d5e26208", + "policyDefinitionReferenceId": "MicrosoftManagedControl1259-ContingencyTraining", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a0e45314-57b8-4623-80cd-bbb561f59516", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1245-ContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a18adb5b-1db6-4a5b-901a-7d3797d12972", + "policyDefinitionReferenceId": "MicrosoftManagedControl1265-ContingencyPlanTesting|AlternateProcessingSite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a23d9d53-ad2e-45ef-afd5-e6d10900a737", + "policyDefinitionReferenceId": "MicrosoftManagedControl1275-AlternateProcessingSite|SeparationFromPrimarySite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a895fbdb-204d-4302-9689-0a59dc42b3d9", + "policyDefinitionReferenceId": "MicrosoftManagedControl1295-InformationSystemRecoveryAndReconstitution", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a9172e76-7f56-46e9-93bf-75d69bdb5491", + "policyDefinitionReferenceId": "MicrosoftManagedControl1283-TelecommunicationsServices|SeparationOfPrimary/AlternateProviders", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": 
"1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8", + "policyDefinitionReferenceId": "MicrosoftManagedControl1272-AlternateProcessingSite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b4f9b47a-2116-4e6f-88db-4edbf22753f1", + "policyDefinitionReferenceId": "MicrosoftManagedControl1286-TelecommunicationsServices|ProviderContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b958b241-4245-4bd6-bd2d-b8f0779fb543", + "policyDefinitionReferenceId": "MicrosoftManagedControl1257-ContingencyTraining", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ba99d512-3baa-1c38-8b0b-ae16bbd34274", + "policyDefinitionReferenceId": "TestContingencyPlanAtAnAlternateProcessingLocation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ca9a4469-d6df-4ab2-a42f-1213c396f0ec", + "policyDefinitionReferenceId": 
"MicrosoftManagedControl1243-ContingencyPlanningPolicyAndProcedures", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf3b3293-667a-445e-a722-fa0b0afc0958", + "policyDefinitionReferenceId": "MicrosoftManagedControl1242-ContingencyPlanningPolicyAndProcedures", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d3bf4251-0818-42db-950b-afd5b25a51c2", + "policyDefinitionReferenceId": "MicrosoftManagedControl1249-ContingencyPlan", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da3bfb53-9c46-4010-b3db-a7ba1296dada", + "policyDefinitionReferenceId": "MicrosoftManagedControl1271-AlternateStorageSite|Accessibility", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dc43e829-3d50-4a0a-aa0f-428d551862aa", + "policyDefinitionReferenceId": "MicrosoftManagedControl1277-AlternateProcessingSite|PriorityOfService", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/dd280d4b-50a1-42fb-a479-ece5878acf19", + "policyDefinitionReferenceId": "MicrosoftManagedControl1264-ContingencyPlanTesting|CoordinateWithRelatedPlans", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/de936662-13dc-204c-75ec-1af80f994088", + "policyDefinitionReferenceId": "ProvideContingencyTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means", + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e214e563-1206-4a43-a56b-ac5880c9c571", + "policyDefinitionReferenceId": "MicrosoftManagedControl1276-AlternateProcessingSite|Accessibility", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e57b98a0-a011-4956-a79d-5d17ed8b8e48", + "policyDefinitionReferenceId": "MicrosoftManagedControl1296-InformationSystemRecoveryAndReconstitution|TransactionRecovery", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, 
+ { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e77fcbf2-a1e8-44f1-860e-ed6583761e65", + "policyDefinitionReferenceId": "MicrosoftManagedControl1273-AlternateProcessingSite", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f3793f5e-937f-44f7-bfba-40647ef3efa0", + "policyDefinitionReferenceId": "MicrosoftManagedControl1255-ContingencyPlan|ContinueEssentialMissions/BusinessFunctions", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fa108498-b3a8-4ffb-9e79-1107e76afad3", + "policyDefinitionReferenceId": "MicrosoftManagedControl1280-TelecommunicationsServices|PriorityOfServiceProvisions", + "parameters": {}, + "groupNames": [ + "op.cont.1 Impact analysis", + "op.cont.2 Continuity plan", + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018", + "policyDefinitionReferenceId": "[preview]:ImmutabilityMustBeEnabledForBackupVaults", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + }, + "checkLockedImmutabiltyOnly": { + "value": "[parameters('checkLockedImmutabiltyOnly')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2e94d99a-8a36-4563-bc77-810d8893b671", + 
"policyDefinitionReferenceId": "[preview]:AzureRecoveryServicesVaultsShouldUseCustomer-managedKeysForEncryptingBackupData", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + }, + "enableDoubleEncryption": { + "value": "[parameters('enableDoubleEncryption')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4d479a11-f2b5-4f0a-bb1e-d2332aa95cda", + "policyDefinitionReferenceId": "[preview]:DisableCrossSubscriptionRestoreForBackupVaults", + "parameters": { + "effect": { + "value": "[parameters('effect-ModifySubscriptionOrResourceByDefaultOrDisablePolicyOrDenyResourceRequest')]" + }, + "crossSubscriptionRestoreState": { + "value": "[parameters('crossSubscriptionRestoreState')]" + }, + "crossSubscriptionRestoreStateParameter": { + "value": "[parameters('crossSubscriptionRestoreStateParameter')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8015d6ed-3641-4534-8d0b-5c67b67ff7de", + "policyDefinitionReferenceId": "[preview]:ConfigureRecoveryServicesVaultsToUsePrivateEndpointsForBackup", + "parameters": { + "privateEndpointSubnetId": { + "value": "[parameters('privateEndpointSubnetId')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9798d31d-6028-4dee-8643-46102185c016", + "policyDefinitionReferenceId": "[preview]:SoftDeleteShouldBeEnabledForBackupVaults", 
+ "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + }, + "checkAlwaysOnSoftDeleteOnly": { + "value": "[parameters('checkAlwaysOnSoftDeleteOnly')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86", + "policyDefinitionReferenceId": "ConfigureBackupOnVirtualMachinesWithoutAGivenTagToANewRecoveryServicesVaultWithADefaultPolicy", + "parameters": { + "exclusionTagName": { + "value": "[parameters('exclusionTagName')]" + }, + "exclusionTagValue": { + "value": "[parameters('exclusionTagValue')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingOrExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "9.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820", + "policyDefinitionReferenceId": "[preview]:ConfigureRecoveryServicesVaultsToUsePrivateDnsZonesForBackup", + "parameters": { + "privateDnsZone-Backup": { + "value": "[parameters('privateDnsZone-Backup')]" + }, + "privateDnsZone-Blob": { + "value": "[parameters('privateDnsZone-Blob')]" + }, + "privateDnsZone-Queue": { + "value": "[parameters('privateDnsZone-Queue')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868", + "policyDefinitionReferenceId": 
"[preview]:ImmutabilityMustBeEnabledForRecoveryServicesVaults", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + }, + "checkLockedImmutabilityOnly": { + "value": "[parameters('checkLockedImmutabilityOnly')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "1.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/deeddb44-9f94-4903-9fa0-081d524406e3", + "policyDefinitionReferenceId": "[preview]:AzureRecoveryServicesVaultsShouldUsePrivateLinkForBackup", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.3 Periodic tests", + "op.cont.4 Alternative means" + ], + "definitionVersion": "2.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/615b01c4-d565-4f6f-8c6e-d130268e3a1a", + "policyDefinitionReferenceId": "[preview]:ConfigureBackupForBlobsOnStorageAccountsWithAGivenTagToAnExistingBackupVaultInTheSameRegion", + "parameters": { + "vaultLocation": { + "value": "[parameters('vaultLocation')]" + }, + "backupPolicyId": { + "value": "[parameters('backupPolicyId')]" + }, + "inclusionTagName": { + "value": "[parameters('inclusionTagName')]" + }, + "inclusionTagValues": { + "value": "[parameters('inclusionTagValues')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrEnableRelatedResourceAuditingOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.4 Alternative means", + "mp.info.6 Backups" + ], + "definitionVersion": "2.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/958dbd4e-0e20-4385-a082-d3f20c2a6ad8", + "policyDefinitionReferenceId": 
"[preview]:ConfigureBlobBackupForAllStorageAccountsThatDoNotContainAGivenTagToABackupVaultInTheSameRegion", + "parameters": { + "vaultLocation": { + "value": "[parameters('vaultLocation')]" + }, + "backupPolicyId": { + "value": "[parameters('backupPolicyId')]" + }, + "exclusionTagName": { + "value": "[parameters('exclusionTagName')]" + }, + "exclusionTagValues": { + "value": "[parameters('exclusionTagValues')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrEnableRelatedResourceAuditingOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.cont.4 Alternative means", + "mp.info.6 Backups" + ], + "definitionVersion": "2.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/66632c7c-d0b3-4945-a8ae-e5c62cbea386", + "policyDefinitionReferenceId": "MicrosoftManagedControl1829-DataIntegrityAndDataIntegrityBoard|PublishAgreementsOnWebsite", + "parameters": {}, + "groupNames": [ + "op.mon.1 Intrusion detection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3e4fa5d-c0c4-46c4-9a13-bb9b9f0b003f", + "policyDefinitionReferenceId": "MicrosoftManagedControl1865-SystemOfRecordsNoticesAndPrivacyActStatements|PublicWebsitePublication", + "parameters": {}, + "groupNames": [ + "op.mon.1 Intrusion detection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cdcb825f-a0fb-31f9-29c1-ab566718499a", + "policyDefinitionReferenceId": "PublishComputerMatchingAgreementsOnPublicWebsite", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.1 Intrusion detection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/13fcf812-ec82-4eda-9b89-498de9efd620", + "policyDefinitionReferenceId": "MicrosoftManagedControl1695-InformationSystemMonitoring|WirelessIntrusionDetection", + "parameters": {}, + "groupNames": [ + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/27960feb-a23c-4577-8d36-ef8b5f35e0be", + "policyDefinitionReferenceId": "AllFlowLogResourcesShouldBeInEnabledState", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/41256567-1795-4684-b00b-a1308ce43cac", + "policyDefinitionReferenceId": "MicrosoftManagedControl1464-MonitoringPhysicalAccess|IntrusionAlarms/SurveillanceEquipment", + "parameters": {}, + "groupNames": [ + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c3c6c5f-0d47-4402-99b8-aa543dd8bcee", + "policyDefinitionReferenceId": "AuditFlowLogsConfigurationForEveryVirtualNetwork", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/610b6183-5f00-4d68-86d2-4ab4cb3a67a5", + "policyDefinitionReferenceId": "FirewallPolicyPremiumShouldEnableAllIdpsSignatureRulesToMonitorAllInboundAndOutboundTrafficFlows", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.1 Intrusion detection", + "mp.com.1 
Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6484db87-a62d-4327-9f07-80a2cbdf333a", + "policyDefinitionReferenceId": "FirewallPolicyPremiumShouldEnableTheIntrusionDetectionAndPreventionSystem(idps)", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a2567a23-d1c3-4783-99f3-d471302a4d6b", + "policyDefinitionReferenceId": "MicrosoftManagedControl1690-InformationSystemMonitoring|System-wideIntrusionDetectionSystem", + "parameters": {}, + "groupNames": [ + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c251913d-7d24-4958-af87-478ed3b9ba41", + "policyDefinitionReferenceId": "FlowLogsShouldBeConfiguredForEveryNetworkSecurityGroup", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.1 Intrusion detection" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f516dc7a-4543-4d40-aad6-98f76a706b50", + "policyDefinitionReferenceId": "BypassListOfIntrusionDetectionAndPreventionSystem(idps)ShouldBeEmptyInFirewallPolicyPremium", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.1 Intrusion detection", + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/a1181c5f-672a-477a-979a-7d58aa086233", + "policyDefinitionReferenceId": "SecurityCenterStandardPricingTierShouldBeSelected", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "op.mon.3 Monitoring" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f2222056-062d-1060-6dc2-0107a68c34b2", + "policyDefinitionReferenceId": "ManageASecureSurveillanceCameraSystem", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ce91e4e-6dab-3c46-011a-aa14ae1561bf", + "policyDefinitionReferenceId": "MaintainListOfAuthorizedRemoteMaintenancePersonnel", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.7 Recording of entries and exits of equipment", + "mp.si.4 Transport" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a489c62-242c-5db9-74df-c073056d6fa3", + "policyDefinitionReferenceId": "DesignatePersonnelToSuperviseUnauthorizedMaintenanceActivities", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.7 Recording of entries and exits of equipment", + "mp.si.4 Transport" + ], + "definitionVersion": "1.*.*" + }, + 
{ + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d", + "policyDefinitionReferenceId": "ManageMaintenancePersonnel", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.2 Identification of persons", + "mp.if.7 Recording of entries and exits of equipment", + "mp.si.4 Transport" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13939f8c-4cd5-a6db-9af4-9dfec35e3722", + "policyDefinitionReferenceId": "IdentifyAndMitigatePotentialIssuesAtAlternateStorageSite", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/178c8b7e-1b6e-4289-44dd-2f1526b678a1", + "policyDefinitionReferenceId": "EnsureAlternateStorageSiteSafeguardsAreEquivalentToPrimarySite", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/81b6267b-97a7-9aa5-51ee-d2584a160424", + "policyDefinitionReferenceId": 
"CreateSeparateAlternateAndPrimaryStorageSites", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af5ff768-a34b-720e-1224-e6b3214f3ba6", + "policyDefinitionReferenceId": "EstablishAnAlternateProcessingSite", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d9edcea6-6cb8-0266-a48c-2061fbac4310", + "policyDefinitionReferenceId": "PlanForContinuanceOfEssentialBusinessFunctions", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.if.3 Fitting-out of premises", + "mp.if.5 Fire protection", + "mp.if.6 Flood protection", + "mp.eq.3 Protection of portable devices", + "mp.eq.4 Other devices connected to the network", + "mp.si.2 Cryptography", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/25a1f840-65d0-900a-43e4-bee253de04de", + 
"policyDefinitionReferenceId": "DefineRequirementsForManagingAssets", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.1 Separate areas with access control", + "mp.si.3 Custody", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5f2e834d-7e40-a4d5-a216-e49b16955ccf", + "policyDefinitionReferenceId": "EstablishRequirementsForInternetServiceProviders", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.3 Fitting-out of premises", + "mp.if.4 Electrical energy" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aa892c0d-2c40-200c-0dd8-eac8c4748ede", + "policyDefinitionReferenceId": "EmployAutomaticEmergencyLighting", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.3 Fitting-out of premises", + "mp.if.4 Electrical energy" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/58a51cde-008b-1a5d-61b5-d95849770677", + "policyDefinitionReferenceId": "TestTheBusinessContinuityAndDisasterRecoveryPlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.if.4 Electrical energy" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c42f19c9-5d88-92da-0742-371a0ea03126", + "policyDefinitionReferenceId": "ClearPersonnelWithAccessToClassifiedInformation", + "parameters": { + "effect": { + "value": 
"[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c6aeb800-0b19-944d-92dc-59b893722329", + "policyDefinitionReferenceId": "RescreenIndividualsAtADefinedFrequency", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e0c480bf-0d68-a42d-4cbb-b60f851f8716", + "policyDefinitionReferenceId": "ImplementPersonnelScreening", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b05dca2-25ec-9335-495c-29155f785082", + "policyDefinitionReferenceId": "ProvideSecurityTrainingBeforeProvidingAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2d4d0e90-32d9-4deb-2166-a00d51ed57c0", + "policyDefinitionReferenceId": "ProvideInformationSpillageTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 
Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3153d9c0-2584-14d3-362d-578b01358aeb", + "policyDefinitionReferenceId": "RetainTrainingRecords", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4c385143-09fd-3a34-790c-a5fd9ec77ddc", + "policyDefinitionReferenceId": "ProvideRole-basedSecurityTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82bd024a-5c99-05d6-96ff-01f539676a1a", + "policyDefinitionReferenceId": "MonitorSecurityAndPrivacyTrainingCompletion", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + 
"policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/97f0d974-1486-01e2-2088-b888f46c0589", + "policyDefinitionReferenceId": "TrainPersonnelOnDisclosureOfNonpublicInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9ac8621d-9acd-55bf-9f99-ee4212cc3d85", + "policyDefinitionReferenceId": "ProvidePeriodicRole-basedSecurityTraining", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b544f797-a73b-1be3-6d01-6b1a085376bc", + "policyDefinitionReferenceId": "EstablishInformationSecurityWorkforceDevelopmentAndImprovementProgram", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c8aa992d-76b7-7ca0-07b3-31a58d773fa9", + "policyDefinitionReferenceId": 
"EmployAutomatedTrainingEnvironment", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.per.1 Job characterization", + "mp.per.3 Awareness", + "mp.per.4 Training", + "mp.eq.3 Protection of portable devices", + "mp.si.3 Custody", + "mp.s.1 E-mail protection", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/11ba0508-58a8-44de-5f3a-9e05d80571da", + "policyDefinitionReferenceId": "DevelopBusinessClassificationSchemes", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.eq.4 Other devices connected to the network", + "mp.si.1 Marking", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6c79c3e5-5f7b-a48a-5c7b-8c158bc01115", + "policyDefinitionReferenceId": "EnsureSecurityCategorizationIsApproved", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.eq.4 Other devices connected to the network", + "mp.si.1 Marking", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/93fa357f-2e38-22a9-5138-8cc5124e1923", + "policyDefinitionReferenceId": "CategorizeInformation", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.eq.4 Other devices connected to the network", + "mp.si.1 Marking", + "mp.info.2 Rating of information" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c", + "policyDefinitionReferenceId": "AzureWebApplicationFirewallShouldBeEnabledForAzureFrontDoorEntry-points", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096", + "policyDefinitionReferenceId": "WebApplicationFirewall(waf)ShouldUseTheSpecifiedModeForApplicationGateway", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + }, + "modeRequirement": { + "value": "[parameters('modeRequirement')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780", + "policyDefinitionReferenceId": "PublicNetworkAccessOnAzureSqlDatabaseShouldBeDisabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21a9766a-82a5-4747-abb5-650b6dbba6d0", + "policyDefinitionReferenceId": "AzureSignalrServiceShouldDisablePublicNetworkAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/3375856c-3824-4e0e-ae6a-79e011dd4c47", + "policyDefinitionReferenceId": "MysqlServerShouldUseAVirtualNetworkServiceEndpoint", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35d9882c-993d-44e6-87d2-db66ce21b636", + "policyDefinitionReferenceId": "WindowsMachinesShouldMeetRequirementsFor'windowsFirewallProperties'", + "parameters": { + "IncludeArcMachines": { + "value": "[parameters('IncludeArcMachines-AllowedValuesMustBeInLowerCase')]" + }, + "WindowsFirewallDomainUseProfileSettings": { + "value": "[parameters('WindowsFirewallDomainUseProfileSettings')]" + }, + "WindowsFirewallDomainBehaviorForOutboundConnections": { + "value": "[parameters('WindowsFirewallDomainBehaviorForOutboundConnections')]" + }, + "WindowsFirewallDomainApplyLocalConnectionSecurityRules": { + "value": "[parameters('WindowsFirewallDomainApplyLocalConnectionSecurityRules')]" + }, + "WindowsFirewallDomainApplyLocalFirewallRules": { + "value": "[parameters('WindowsFirewallDomainApplyLocalFirewallRules')]" + }, + "WindowsFirewallDomainDisplayNotifications": { + "value": "[parameters('WindowsFirewallDomainDisplayNotifications')]" + }, + "WindowsFirewallPrivateUseProfileSettings": { + "value": "[parameters('WindowsFirewallPrivateUseProfileSettings')]" + }, + "WindowsFirewallPrivateBehaviorForOutboundConnections": { + "value": "[parameters('WindowsFirewallPrivateBehaviorForOutboundConnections')]" + }, + "WindowsFirewallPrivateApplyLocalConnectionSecurityRules": { + "value": "[parameters('WindowsFirewallPrivateApplyLocalConnectionSecurityRules')]" + }, + "WindowsFirewallPrivateApplyLocalFirewallRules": { + "value": "[parameters('WindowsFirewallPrivateApplyLocalFirewallRules')]" + }, + 
"WindowsFirewallPrivateDisplayNotifications": { + "value": "[parameters('WindowsFirewallPrivateDisplayNotifications')]" + }, + "WindowsFirewallPublicUseProfileSettings": { + "value": "[parameters('WindowsFirewallPublicUseProfileSettings')]" + }, + "WindowsFirewallPublicBehaviorForOutboundConnections": { + "value": "[parameters('WindowsFirewallPublicBehaviorForOutboundConnections')]" + }, + "WindowsFirewallPublicApplyLocalConnectionSecurityRules": { + "value": "[parameters('WindowsFirewallPublicApplyLocalConnectionSecurityRules')]" + }, + "WindowsFirewallPublicApplyLocalFirewallRules": { + "value": "[parameters('WindowsFirewallPublicApplyLocalFirewallRules')]" + }, + "WindowsFirewallPublicDisplayNotifications": { + "value": "[parameters('WindowsFirewallPublicDisplayNotifications')]" + }, + "WindowsFirewallDomainAllowUnicastResponse": { + "value": "[parameters('WindowsFirewallDomainAllowUnicastResponse')]" + }, + "WindowsFirewallPrivateAllowUnicastResponse": { + "value": "[parameters('WindowsFirewallPrivateAllowUnicastResponse')]" + }, + "WindowsFirewallPublicAllowUnicastResponse": { + "value": "[parameters('WindowsFirewallPublicAllowUnicastResponse')]" + }, + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3c14b034-bcb6-4905-94e7-5b8e98a47b65", + "policyDefinitionReferenceId": "PostgresqlServerShouldUseAVirtualNetworkServiceEndpoint", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/425bea59-a659-4cbb-8d31-34499bd030b8", + "policyDefinitionReferenceId": 
"WebApplicationFirewall(waf)ShouldUseTheSpecifiedModeForAzureFrontDoorService", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + }, + "modeRequirement": { + "value": "[parameters('modeRequirement')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43bc7be6-5e69-4b0d-a2bb-e815557ca673", + "policyDefinitionReferenceId": "PublicNetworkAccessOnAzureDataExplorerShouldBeDisabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4598f028-de1f-4694-8751-84dceb5f86b9", + "policyDefinitionReferenceId": "AzureWebApplicationFirewallOnAzureFrontDoorShouldHaveRequestBodyInspectionEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490", + "policyDefinitionReferenceId": "AzureKeyVaultShouldHaveFirewallEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + }, + "restrictIPAddresses": { + "value": "[parameters('restrictIPAddresses')]" + }, + "allowedIPAddresses": { + "value": "[parameters('allowedIPAddresses')]" + }, + "forbiddenIPAddresses": { + "value": "[parameters('forbiddenIPAddresses')]" + } + }, + "groupNames": 
[ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66", + "policyDefinitionReferenceId": "WebApplicationFirewall(waf)ShouldBeEnabledForApplicationGateway", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/56fd377d-098c-4f02-8406-81eb055902b8", + "policyDefinitionReferenceId": "IpFirewallRulesOnAzureSynapseWorkspacesShouldBeRemoved", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48", + "policyDefinitionReferenceId": "PublicNetworkAccessShouldBeDisabledForPostgresqlFlexibleServers", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e7e928c-8693-4a23-9bf3-1c77b9a8fe97", + "policyDefinitionReferenceId": "AzureAttestationProvidersShouldDisablePublicNetworkAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/62a3ae95-8169-403e-a2d2-b82141448092", + "policyDefinitionReferenceId": "ModifyAzureSignalrServiceResourcesToDisablePublicNetworkAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-ModifySubscriptionOrResourceByDefaultOrDisablePolicyOrDenyResourceRequest')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/632d3993-e2c0-44ea-a7db-2eca131f356d", + "policyDefinitionReferenceId": "WebApplicationFirewall(waf)ShouldEnableAllFirewallRulesForApplicationGateway", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/711c24bb-7f18-4578-b192-81a6161e1f17", + "policyDefinitionReferenceId": "AzureFirewallPremiumShouldConfigureAValidIntermediateCertificateToEnableTlsInspection", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/77e8b146-0078-4fb2-b002-e112381199f0", + "policyDefinitionReferenceId": "VirtualNetworkFirewallRuleOnAzureSqlDatabaseShouldBeEnabledToAllowTrafficFromTheSpecifiedSubnet", + "parameters": { + "subnetId": { + "value": "[parameters('subnetId')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb", + 
"policyDefinitionReferenceId": "AzureCosmosDbAccountsShouldHaveFirewallRules", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/882e19a6-996f-400e-a30f-c090887254f4", + "policyDefinitionReferenceId": "MigrateWafFromWafConfigToWafPolicyOnApplicationGateway", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d", + "policyDefinitionReferenceId": "ConfigureStorageAccountsToDisablePublicNetworkAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-ModifySubscriptionOrResourceByDefaultOrDisablePolicyOrDenyResourceRequest')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a58ac66d-92cb-409c-94b8-8e48d7a96596", + "policyDefinitionReferenceId": "AzureFirewallPolicyShouldEnableTlsInspectionWithinApplicationRules", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc", + "policyDefinitionReferenceId": "ConfigureKeyVaultsToEnableFirewall", + "parameters": { + "effect": { + "value": 
"[parameters('effect-ModifySubscriptionOrResourceByDefaultOrDisablePolicyOrDenyResourceRequest')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b2982f36-99f2-4db5-8eff-283140c09693", + "policyDefinitionReferenceId": "StorageAccountsShouldDisablePublicNetworkAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b52376f7-9612-48a1-81cd-1ffe4b61032c", + "policyDefinitionReferenceId": "PublicNetworkAccessShouldBeDisabledForPostgresqlServers", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052", + "policyDefinitionReferenceId": "PublicNetworkAccessShouldBeDisabledForMysqlFlexibleServers", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ca85ef9a-741d-461d-8b7a-18c2da82c666", + "policyDefinitionReferenceId": "AzureWebApplicationFirewallOnAzureApplicationGatewayShouldHaveRequestBodyInspectionEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + 
"mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cd870362-211d-4cad-9ad9-11e5ea4ebbc1", + "policyDefinitionReferenceId": "PublicNetworkAccessShouldBeDisabledForIotCentral", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d9844e8a-1437-4aeb-a32c-0c992f056095", + "policyDefinitionReferenceId": "PublicNetworkAccessShouldBeDisabledForMysqlServers", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dfbd9a64-6114-48de-a47d-90574dc2e489", + "policyDefinitionReferenceId": "MariadbServerShouldUseAVirtualNetworkServiceEndpoint", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e52e8487-4a97-48ac-b3e6-1c3cef45d298", + "policyDefinitionReferenceId": "EnableRateLimitRuleToProtectAgainstDdosAttacksOnAzureFrontDoorWaf", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter", + "mp.s.3 Protection of web browsing", + "mp.s.4 Protection against denial of service" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf", + "policyDefinitionReferenceId": "SubscriptionShouldConfigureTheAzureFirewallPremiumToProvideAdditionalLayerOfProtection", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fc5e4038-4584-4632-8c85-c0448d374b2c", + "policyDefinitionReferenceId": "[preview]:AllInternetTrafficShouldBeRoutedViaYourDeployedAzureFirewall", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "3.*.*-preview" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fdccbe47-f3e3-4213-ad5d-ea459b2fa077", + "policyDefinitionReferenceId": "PublicNetworkAccessShouldBeDisabledForMariadbServers", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/22730e10-96f6-4aac-ad84-9383d35b5917", + "policyDefinitionReferenceId": "ManagementPortsShouldBeClosedOnYourVirtualMachines", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd352bd5-2853-4985-bf0d-73806b4a5744", + "policyDefinitionReferenceId": "IpForwardingOnYourVirtualMachineShouldBeDisabled", + "parameters": { + 
"effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.com.1 Secure perimeter" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b5a4be05-3997-1731-3260-98be653610f6", + "policyDefinitionReferenceId": "PerformDispositionReview", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.si.2 Cryptography", + "mp.si.5 Erasure and destruction", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c6b877a6-5d6d-1862-4b7f-3ccc30b25b63", + "policyDefinitionReferenceId": "VerifyPersonalDataIsDeletedAtTheEndOfProcessing", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.si.2 Cryptography", + "mp.si.5 Erasure and destruction", + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning", + "mp.info.6 Backups" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/834b7a4a-83ab-2188-1a26-9c5033d8173b", + "policyDefinitionReferenceId": "IncorporateSecurityAndDataPrivacyPracticesInResearchProcessing", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cf79f602-1e60-5423-6c0c-e632c2ea1fc0", + "policyDefinitionReferenceId": "ImplementControlsToProtectPii", + "parameters": { + 
"effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eda0cbb7-6043-05bf-645b-67411f1a59b3", + "policyDefinitionReferenceId": "EnsureThereAreNoUnencryptedStaticAuthenticators", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f8a63511-66f1-503f-196d-d6217ee0823a", + "policyDefinitionReferenceId": "RequireDevelopersToProduceEvidenceOfSecurityAssessmentPlanExecution", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.1 IT Aplications development", + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7238174a-fd10-4ef0-817e-fc820a951d73", + "policyDefinitionReferenceId": "FunctionAppsThatUsePythonShouldUseASpecified'pythonVersion'", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + }, + "WindowsPythonLatestVersion": { + "value": "[parameters('WindowsPythonLatestVersion')]" + }, + "LinuxPythonLatestVersion": { + "value": "[parameters('LinuxPythonLatestVersion')]" + }, + "LinuxPythonVersion": { + "value": "[parameters('LinuxPythonVersion')]" + } + }, + "groupNames": [ + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", + "policyDefinitionReferenceId": "SystemUpdatesShouldBeInstalledOnYourMachines", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f78fc35e-1268-0bca-a798-afcba9d2330a", + "policyDefinitionReferenceId": "SelectAdditionalTestingForSecurityControlAssessments", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0716f0f5-4955-2ccb-8d5e-c6be14d57c0f", + "policyDefinitionReferenceId": "EnsureResourcesAreAuthorized", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e29a8f1b-149b-2fa3-969d-ebee1baa9472", + "policyDefinitionReferenceId": "AssignAnAuthorizingOfficial(ao)", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.sw.2 Acceptance and commissioning" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a15ec92-a229-4763-bb14-0ea34a568f8d", + "policyDefinitionReferenceId": "AzurePolicyAdd-onForKubernetesService(aks)ShouldBeInstalledAndEnabledOnYourClusters", + "parameters": { + "effect": { + "value": 
"[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a", + "policyDefinitionReferenceId": "ConfigureAzureWebPubsubServiceToUsePrivateDnsZones", + "parameters": { + "privateDnsZoneId": { + "value": "[parameters('privateDnsZoneId')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0da6faeb-d6c6-4f6e-9f49-06277493270b", + "policyDefinitionReferenceId": "EnableLoggingByCategoryGroupForWebPubsubService(microsoft.signalrservice/webpubsub)ToLogAnalytics", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrEnableRelatedResourceAuditingOrDisablePolicy')]" + }, + "diagnosticSettingName": { + "value": "[parameters('diagnosticSettingName')]" + }, + "categoryGroup": { + "value": "[parameters('categoryGroup')]" + }, + "resourceLocationList": { + "value": "[parameters('resourceLocationList')]" + }, + "logAnalytics": { + "value": "[parameters('logAnalytics')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/17f9d984-90c8-43dd-b7a6-76cb694815c1", + "policyDefinitionReferenceId": "ConfigureAzureWebPubsubServiceToDisableLocalAuthentication", + "parameters": { + "effect": { + "value": "[parameters('effect-ModifySubscriptionOrResourceByDefaultOrDisablePolicyOrDenyResourceRequest')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + 
{ + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1b9c0b58-fc7b-42c8-8010-cdfa1d1b8544", + "policyDefinitionReferenceId": "ConfigureAzureWebPubsubServiceWithPrivateEndpoints", + "parameters": { + "privateEndpointSubnetId": { + "value": "[parameters('privateEndpointSubnetId')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/24b7a1c6-44fe-40cc-a2e6-242d2ef70e98", + "policyDefinitionReferenceId": "AppServiceAppSlotsShouldBeInjectedIntoAVirtualNetwork", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d034ef2-001c-46f6-a47b-e6e4a74ff89b", + "policyDefinitionReferenceId": "EnableLoggingByCategoryGroupForWebPubsubService(microsoft.signalrservice/webpubsub)ToEventHub", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrEnableRelatedResourceAuditingOrDisablePolicy')]" + }, + "diagnosticSettingName": { + "value": "[parameters('diagnosticSettingName')]" + }, + "categoryGroup": { + "value": "[parameters('categoryGroup')]" + }, + "resourceLocation": { + "value": "[parameters('resourceLocation')]" + }, + "eventHubAuthorizationRuleId": { + "value": "[parameters('eventHubAuthorizationRuleId')]" + }, + "eventHubName": { + "value": "[parameters('eventHubName')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/4dcfb8b5-05cd-4090-a931-2ec29057e1fc", + "policyDefinitionReferenceId": "AppServiceAppSlotsShouldUseLatest'httpVersion'", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5b1213e4-06e4-4ccc-81de-4201f2f7131a", + "policyDefinitionReferenceId": "ConfigureAzureWebPubsubServiceToDisablePublicNetworkAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-ModifySubscriptionOrResourceByDefaultOrDisablePolicyOrDenyResourceRequest')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/72d04c29-f87d-4575-9731-419ff16a2757", + "policyDefinitionReferenceId": "AppServiceAppsShouldBeInjectedIntoAVirtualNetwork", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82909236-25f3-46a6-841c-fe1020f95ae1", + "policyDefinitionReferenceId": "AzureWebPubsubServiceShouldUseASkuThatSupportsPrivateLink", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8a04f872-51e9-4313-97fb-fc1c3543011c", + "policyDefinitionReferenceId": "AzureApplicationGatewayShouldHaveResourceLogsEnabled", + 
"parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8a04f872-51e9-4313-97fb-fc1c35430fd8", + "policyDefinitionReferenceId": "AzureFrontDoorShouldHaveResourceLogsEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c122334-9d20-4eb8-89ea-ac9a705b74ae", + "policyDefinitionReferenceId": "AppServiceAppsShouldUseLatest'httpVersion'", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/95bccee9-a7f8-4bec-9ee9-62c3473701fc", + "policyDefinitionReferenceId": "AppServiceAppsShouldHaveAuthenticationEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "2.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218", + "policyDefinitionReferenceId": "ConfigureAPrivateDnsZoneIdForWebGroupid", + "parameters": { + "privateDnsZoneId": { + "value": "[parameters('privateDnsZoneId')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + 
"definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b66ab71c-582d-4330-adfd-ac162e78691e", + "policyDefinitionReferenceId": "AzureWebPubsubServiceShouldHaveLocalAuthenticationMethodsDisabled", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf45113f-264e-4a87-88f9-29ac8a0aca6a", + "policyDefinitionReferenceId": "AzureWebPubsubServiceShouldDisablePublicNetworkAccess", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDenyResourceRequestOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bf6af3d2-fbd5-458f-8a40-2556cf539b45", + "policyDefinitionReferenceId": "EnableLoggingByCategoryGroupForWebPubsubService(microsoft.signalrservice/webpubsub)ToStorage", + "parameters": { + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrEnableRelatedResourceAuditingOrDisablePolicy')]" + }, + "diagnosticSettingName": { + "value": "[parameters('diagnosticSettingName')]" + }, + "categoryGroup": { + "value": "[parameters('categoryGroup')]" + }, + "resourceLocation": { + "value": "[parameters('resourceLocation')]" + }, + "storageAccount": { + "value": "[parameters('storageAccount')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cd906338-3453-47ba-9334-2d654bf845af", + "policyDefinitionReferenceId": 
"AzureFrontDoorStandardOrPremium(plusWaf)ShouldHaveResourceLogsEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c", + "policyDefinitionReferenceId": "ConfigureAPrivateDnsZoneIdForWeb_secondaryGroupid", + "parameters": { + "privateDnsZoneId": { + "value": "[parameters('privateDnsZoneId')]" + }, + "effect": { + "value": "[parameters('effect-ExecutesTemplateDeploymentFromAConditionByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e2c1c086-2d84-4019-bff3-c44ccd95113c", + "policyDefinitionReferenceId": "FunctionAppsShouldUseLatest'httpVersion'", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "4.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb907f70-7514-460d-92b3-a5ae93b4f917", + "policyDefinitionReferenceId": "AzureWebPubsubServiceShouldUsePrivateLink", + "parameters": { + "effect": { + "value": "[parameters('effect-AuditNonCompliantResourcesByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fa98f1b1-1f56-4179-9faf-93ad82f3458f", + "policyDefinitionReferenceId": "FunctionAppSlotsShouldUseLatest'httpVersion'", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } 
+ }, + "groupNames": [ + "mp.s.3 Protection of web browsing" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648", + "policyDefinitionReferenceId": "PublicIpAddressesShouldHaveResourceLogsEnabledForAzureDdosProtection", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrExecutesTemplateDeploymentFromAConditionOrDisablePolicy')]" + }, + "profileName": { + "value": "[parameters('profileName')]" + }, + "logAnalytics": { + "value": "[parameters('logAnalytics')]" + }, + "logsEnabled": { + "value": "[parameters('logsEnabled-AllowedValuesMustBeString')]" + }, + "metricsEnabled": { + "value": "[parameters('metricsEnabled-String')]" + } + }, + "groupNames": [ + "mp.s.4 Protection against denial of service" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d", + "policyDefinitionReferenceId": "VirtualNetworksShouldBeProtectedByAzureDdosProtection", + "parameters": { + "effect": { + "value": "[parameters('effect-ModifySubscriptionOrResourceByDefaultOrAuditNonCompliantResourcesOrDisablePolicy')]" + }, + "ddosPlan": { + "value": "[parameters('ddosPlan')]" + } + }, + "groupNames": [ + "mp.s.4 Protection against denial of service" + ], + "definitionVersion": "1.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", + "policyDefinitionReferenceId": "AzureDdosProtectionShouldBeEnabled", + "parameters": { + "effect": { + "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.4 Protection against denial of service" + ], + "definitionVersion": "3.*.*" + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7306e73-0494-83a2-31f5-280e934a8f70", + 
"policyDefinitionReferenceId": "DevelopAndDocumentADdosResponsePlan", + "parameters": { + "effect": { + "value": "[parameters('effect-SelfAttestResourceComplianceByDefaultOrDisablePolicy')]" + } + }, + "groupNames": [ + "mp.s.4 Protection against denial of service" + ], + "definitionVersion": "1.*.*" + } + ], + "versions": [ + "1.0.0" + ] + }, + "id": "/providers/Microsoft.Authorization/policySetDefinitions/175daf90-21e1-4fec-b745-7b4c909aa94c", + "name": "175daf90-21e1-4fec-b745-7b4c909aa94c" +} \ No newline at end of file