From 7732807f0fee90640d36a3f5bf51aa396577520f Mon Sep 17 00:00:00 2001 From: Azure Policy Bot Date: Tue, 3 Sep 2024 13:27:36 +0000 Subject: [PATCH] Built-in Policy Release 908282b2 --- .../AzureMonitor_DCRA_Arc_Linux_DINE.json | 8 +- .../AzureMonitor_DCRA_Arc_Windows_DINE.json | 8 +- .../AzureMonitor_DCRA_Linux_DINE.json | 8 +- .../AzureMonitor_DCRA_VMSS_Linux_DINE.json | 8 +- .../AzureMonitor_DCRA_VMSS_Windows_DINE.json | 8 +- .../AzureMonitor_DCRA_VM_Linux_DINE.json | 8 +- .../AzureMonitor_DCRA_VM_Windows_DINE.json | 8 +- .../AzureMonitor_DCRA_Windows_DINE.json | 8 +- .../Regulatory Compliance/CISv1_1_0.json | 15 +--- .../Regulatory Compliance/CISv1_3_0.json | 23 ++---- .../Regulatory Compliance/CMMC_2_0_L2.json | 30 +------ .../Regulatory Compliance/CMMC_L3.json | 32 +++----- .../Regulatory Compliance/DOD_IL4_audit.json | 45 +++-------- .../Regulatory Compliance/DOD_IL5_audit.json | 45 +++-------- .../FedRAMP_H_audit.json | 27 +------ .../FedRAMP_M_audit.json | 25 +----- .../Regulatory Compliance/IRS1075_audit.json | 14 +--- .../ISO27001_2013_audit.json | 14 +--- .../NIST_SP_800-171_R2.json | 30 +------ .../NIST_SP_800-53_R4.json | 27 +------ .../NIST_SP_800-53_R5.json | 25 +----- .../Regulatory Compliance/PCI_DSS_V4.0.json | 19 +---- .../Regulatory Compliance/SOC_2.json | 41 +++------- .../Regulatory Compliance/asb_audit.json | 25 +----- .../Regulatory Compliance/asb_v2.json | 43 +++------- .../Security Center/AzureSecurityCenter.json | 41 +++------- .../Regulatory Compliance/CISv1_1_0.json | 15 +--- .../Regulatory Compliance/CISv1_3_0.json | 10 ++- .../Regulatory Compliance/CISv1_4_0.json | 23 ++---- .../Regulatory Compliance/CISv2_0_0.json | 23 ++---- .../Regulatory Compliance/CMMC_2_0_L2.json | 30 +------ .../Regulatory Compliance/CMMC_L3.json | 47 +++-------- .../CanadaFederalPBMM_audit.json | 25 +----- .../Regulatory Compliance/DOD_IL4_audit.json | 17 +--- .../FedRAMP_H_audit.json | 27 +------ .../FedRAMP_M_audit.json | 25 +----- .../HIPAA_HITRUST_audit.json | 23 +----- .../Regulatory Compliance/IRAP_Audit.json | 43 +++------- .../Regulatory Compliance/IRS1075_audit.json | 23 +----- .../ISO27001_2013_audit.json | 14 +--- .../NIST_SP_800-171_R2.json | 30 +------ .../NIST_SP_800-53_R4.json | 27 +------ .../NIST_SP_800-53_R5.json | 25 +----- .../NL_BIO_Cloud_Theme.json | 48 +++--------- .../NZ_ISM_Restricted_v3_5.json | 23 +----- .../Regulatory Compliance/NewZealand_ISM.json | 32 +------- .../Regulatory Compliance/PCI_DSS_V4.0.json | 19 +---- .../PCIv3_2_1_2018_audit.json | 17 +--- .../RBI_ITF_Banks_v2016.json | 53 +------------ .../Regulatory Compliance/RMIT_Malaysia.json | 23 +----- .../Regulatory Compliance/SOC_2.json | 64 ++++----------- .../SWIFT_CSP-CSCF_v2021.json | 23 +----- .../SWIFT_CSP-CSCF_v2022.json | 23 +----- .../SWIFTv2020_audit.json | 17 +--- .../Regulatory Compliance/Spain_ENS.json | 71 +---------------- .../Regulatory Compliance/asb_audit.json | 25 +----- .../Regulatory Compliance/asb_v2.json | 15 ++-- .../Regulatory Compliance/nz_ism.json | 41 +++------- .../ukofficial_audit.json | 23 +----- .../Security Center/AzureSecurityCenter.json | 78 ++++--------------- 60 files changed, 298 insertions(+), 1309 deletions(-) diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Linux_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Linux_DINE.json index 5fd201ad5..7b01e9920 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Linux_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Linux_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Linux Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations are updated over time as support is increased.", "metadata": { - "version": "2.1.0", + "version": "2.1.1", "category": "Monitoring" }, - "version": "2.1.0", + "version": "2.1.1", "parameters": { "effect": { "type": "String", @@ -27,7 +27,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -157,6 +158,7 @@ } }, "versions": [ + "2.1.1", "2.1.0", "2.0.0" ] diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Windows_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Windows_DINE.json index c535068ae..a67f56ead 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Windows_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Arc_Windows_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Windows Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations are updated over time as support is increased.", "metadata": { - "version": "2.1.0", + "version": "2.1.1", "category": "Monitoring" }, - "version": "2.1.0", + "version": "2.1.1", "parameters": { "effect": { "type": "String", @@ -27,7 +27,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -157,6 +158,7 @@ } }, "versions": [ + "2.1.1", "2.1.0", "2.0.0" ] diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Linux_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Linux_DINE.json index 30f0165c0..2518bfa60 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Linux_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Linux_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Linux virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.", "metadata": { - "version": "2.1.0", + "version": "2.1.1", "category": "Monitoring" }, - "version": "2.1.0", + "version": "2.1.1", "parameters": { "effect": { "type": "String", @@ -47,7 +47,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -656,6 +657,7 @@ } }, "versions": [ + "2.1.1", "2.1.0", "2.0.0" ] diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Linux_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Linux_DINE.json index 0586a31db..0b993f91f 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Linux_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Linux_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Linux virtual machine scale sets to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.", "metadata": { - "version": "2.1.0", + "version": "2.1.1", "category": "Monitoring" }, - "version": "2.1.0", + "version": "2.1.1", "parameters": { "effect": { "type": "String", @@ -47,7 +47,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -562,6 +563,7 @@ } }, "versions": [ + "2.1.1", "2.1.0", "2.0.0" ] diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Windows_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Windows_DINE.json index 48c39097b..b5a4a55b3 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Windows_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VMSS_Windows_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Windows virtual machine scale sets to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.", "metadata": { - "version": "2.4.0", + "version": "2.4.1", "category": "Monitoring" }, - "version": "2.4.0", + "version": "2.4.1", "parameters": { "effect": { "type": "String", @@ -47,7 +47,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -357,6 +358,7 @@ } }, "versions": [ + "2.4.1", "2.4.0", "2.3.0", "2.2.0" diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Linux_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Linux_DINE.json index bc9180613..7644e28e9 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Linux_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Linux_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Linux virtual machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.", "metadata": { - "version": "2.1.0", + "version": "2.1.1", "category": "Monitoring" }, - "version": "2.1.0", + "version": "2.1.1", "parameters": { "effect": { "type": "String", @@ -47,7 +47,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -562,6 +563,7 @@ } }, "versions": [ + "2.1.1", "2.1.0", "2.0.0" ] diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Windows_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Windows_DINE.json index 4cbadcfc9..3bb1f0cdd 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Windows_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_VM_Windows_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Windows virtual machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.", "metadata": { - "version": "2.4.0", + "version": "2.4.1", "category": "Monitoring" }, - "version": "2.4.0", + "version": "2.4.1", "parameters": { "effect": { "type": "String", @@ -47,7 +47,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -357,6 +358,7 @@ } }, "versions": [ + "2.4.1", "2.4.0", "2.3.0", "2.2.0" diff --git a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Windows_DINE.json b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Windows_DINE.json index 8002c5844..e0b644cd5 100644 --- a/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Windows_DINE.json +++ b/built-in-policies/policyDefinitions/Azure Government/Monitoring/AzureMonitor_DCRA_Windows_DINE.json @@ -5,10 +5,10 @@ "mode": "Indexed", "description": "Deploy Association to link Windows virtual machines, virtual machine scale sets, and Arc machines to the specified Data Collection Rule or the specified Data Collection Endpoint. The list of locations and OS images are updated over time as support is increased.", "metadata": { - "version": "2.2.0", + "version": "2.2.1", "category": "Monitoring" }, - "version": "2.2.0", + "version": "2.2.1", "parameters": { "effect": { "type": "String", @@ -47,7 +47,8 @@ "metadata": { "displayName": "Data Collection Rule Resource Id or Data Collection Endpoint Resource Id", "description": "Resource Id of the Data Collection Rule or the Data Collection Endpoint to be applied on the Linux machines in scope.", - "portalReview": "true" + "portalReview": "true", + "assignPermissions": true } }, "resourceType": { @@ -451,6 +452,7 @@ } }, "versions": [ + "2.2.1", "2.2.0", "2.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json index 630ed1c3a..21f277905 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_1_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative", "metadata": { - "version": "15.4.0", + "version": "15.5.0", "category": "Regulatory Compliance" }, - "version": "15.4.0", + "version": "15.5.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.1.0_1.1", @@ -617,16 +617,6 @@ "CIS_Azure_1.1.0_2.4" ] }, - { - "policyDefinitionReferenceId": "CISv110x2x5CISv110x7x6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CIS_Azure_1.1.0_2.5", - "CIS_Azure_1.1.0_7.6" - ] - }, { "policyDefinitionReferenceId": "CISv110x2x9", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517", @@ -1183,6 +1173,7 @@ } ], "versions": [ + "15.5.0", "15.4.0", "15.3.0", "15.2.0" diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json index 76b77e32b..d9252d45d 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CISv1_3_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative", "metadata": { - "version": "7.6.0", + "version": "7.7.0", "category": "Regulatory Compliance" }, - "version": "7.6.0", + "version": "7.7.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.3.0_1.1", @@ -1449,14 +1449,15 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53": { @@ -2680,19 +2681,6 @@ "CIS_Azure_1.3.0_7.5" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "CIS_Azure_1.3.0_7.6" - ] - }, { "policyDefinitionReferenceId": "0b60c0b2-2dc2-4e1c-b5c9-abbed971de53", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53", @@ -2886,6 +2874,7 @@ } ], "versions": [ + "7.7.0", "7.6.0", "7.5.0", "7.4.0" diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json index 0b4598c3f..96dd4f95b 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_2_0_L2.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of CMMC 2.0 Level 2 practices. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc2l2-initiative.", "metadata": { - "version": "1.9.0-preview", + "version": "1.10.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "1.9.0-preview", + "version": "1.10.0-preview", "policyDefinitionGroups": [ { "name": "CMMC_2.0_L2_AC.L1-3.1.1", @@ -2909,19 +2909,6 @@ "CMMC_2.0_L2_SI.L1-3.14.5" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_SI.L2-3.14.3", - "CMMC_2.0_L2_SI.L1-3.14.4", - "CMMC_2.0_L2_SI.L1-3.14.1", - "CMMC_2.0_L2_SI.L1-3.14.2", - "CMMC_2.0_L2_SI.L1-3.14.5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6e2593d9-add6-4083-9c9b-4b7d2188c899", "definitionVersion": "1.*.*", @@ -3866,18 +3853,6 @@ "CMMC_2.0_L2_SI.L1-3.14.1" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_SI.L1-3.14.1", - "CMMC_2.0_L2_SI.L1-3.14.2", - "CMMC_2.0_L2_SI.L1-3.14.4", - "CMMC_2.0_L2_SI.L1-3.14.5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40", "definitionVersion": "1.*.*", @@ -4865,6 +4840,7 @@ } ], "versions": [ + "1.10.0-PREVIEW", "1.9.0-PREVIEW", "1.8.0-PREVIEW", "1.7.0-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json index f0c0b73eb..f78c5f5a4 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.", "metadata": { - "version": "9.5.0", + "version": "9.6.0", "category": "Regulatory Compliance" }, - "version": "9.5.0", + "version": "9.6.0", "policyDefinitionGroups": [ { "name": "CMMC_L3_AC.1.001", @@ -636,14 +636,15 @@ }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "listOfImageIdToInclude_windows": { @@ -1254,14 +1255,15 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "listOfLocations-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6": { @@ -3004,23 +3006,6 @@ "CMMC_L3_SI.2.217" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "CMMC_L3_CA.2.158", - "CMMC_L3_CA.3.161", - "CMMC_L3_IR.2.093", - "CMMC_L3_SI.1.211", - "CMMC_L3_SI.1.213" - ] - }, { "policyDefinitionReferenceId": "b6e2945c-0b7b-40f5-9233-7a5323b5cdc6", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b6e2945c-0b7b-40f5-9233-7a5323b5cdc6", @@ -4300,6 +4285,7 @@ } ], "versions": [ + "9.6.0", "9.5.0", "9.4.0", "9.3.1", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json index 595b5db41..8aae515fe 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL4_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of DoD Impact Level 4 (IL4) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil4-initiative.", "metadata": { - "version": "22.9.0", + "version": "22.10.0", "category": "Regulatory Compliance" }, - "version": "22.9.0", + "version": "22.10.0", "policyDefinitionGroups": [ { "name": "DoD_IL4_R4_AC-1", @@ -3186,14 +3186,15 @@ }, "vmssEndpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "vmssOsVulnerabilitiesMonitoringEffect": { @@ -3579,14 +3580,15 @@ }, "endpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "jitNetworkAccessMonitoringEffect": { @@ -6026,21 +6028,6 @@ "DoD_IL4_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssEndpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL4_R4_SC-3", - "DoD_IL4_R4_SI-3", - "DoD_IL4_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -6247,21 +6234,6 @@ "DoD_IL4_R4_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "monitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('endpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL4_R4_SC-3", - "DoD_IL4_R4_SI-3", - "DoD_IL4_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveExternalAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -7128,6 +7100,7 @@ } ], "versions": [ + "22.10.0", "22.9.0", "22.8.0", "22.7.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json index 832005c99..738ca9c7e 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/DOD_IL5_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of DoD Impact Level 5 (IL5) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil5-initiative.", "metadata": { - "version": "19.9.0", + "version": "19.10.0", "category": "Regulatory Compliance" }, - "version": "19.9.0", + "version": "19.10.0", "policyDefinitionGroups": [ { "name": "DoD_IL5_R4_AC-1", @@ -3210,14 +3210,15 @@ }, "vmssEndpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "vmssOsVulnerabilitiesMonitoringEffect": { @@ -3603,14 +3604,15 @@ }, "endpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "jitNetworkAccessMonitoringEffect": { @@ -6050,21 +6052,6 @@ "DoD_IL5_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssEndpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL5_R4_SC-3", - "DoD_IL5_R4_SI-3", - "DoD_IL5_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -6271,21 +6258,6 @@ "DoD_IL5_R4_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "monitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('endpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "DoD_IL5_R4_SC-3", - "DoD_IL5_R4_SI-3", - "DoD_IL5_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveExternalAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -7152,6 +7124,7 @@ } ], "versions": [ + "19.10.0", "19.9.0", "19.8.0", "19.7.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json index b0aa72a24..7e63fcffb 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_H_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (High) controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-fedramp", "metadata": { - "version": "17.10.0", + "version": "17.11.0", "category": "Regulatory Compliance" }, - "version": "17.10.0", + "version": "17.11.0", "policyDefinitionGroups": [ { "name": "FedRAMP_High_R4_AC-1", @@ -5118,17 +5118,6 @@ "FedRAMP_High_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_SC-3", - "FedRAMP_High_R4_SI-3", - "FedRAMP_High_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -5309,17 +5298,6 @@ "FedRAMP_High_R4_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "monitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_SC-3", - "FedRAMP_High_R4_SI-3", - "FedRAMP_High_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveExternalAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -6145,6 +6123,7 @@ } ], "versions": [ + "17.11.0", "17.10.0", "17.9.0", "17.8.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json index ab37958cf..2f4327c5a 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/FedRAMP_M_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (Moderate) controls. Additional policies will be added in upcoming releases. For more information, visit https://www.fedramp.gov/documents-templates/", "metadata": { - "version": "17.9.0", + "version": "17.10.0", "category": "Regulatory Compliance" }, - "version": "17.9.0", + "version": "17.10.0", "policyDefinitionGroups": [ { "name": "FedRAMP_Moderate_R4_AC-1", @@ -4436,16 +4436,6 @@ "FedRAMP_Moderate_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_SI-3", - "FedRAMP_Moderate_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -4609,16 +4599,6 @@ "FedRAMP_Moderate_R4_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "MonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_SI-3", - "FedRAMP_Moderate_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -5379,6 +5359,7 @@ } ], "versions": [ + "17.10.0", "17.9.0", "17.8.0", "17.7.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json index bb3e6b654..8e460d14f 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/IRS1075_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-init.", "metadata": { - "version": "8.2.0", + "version": "8.3.0", "category": "Regulatory Compliance" }, - "version": "8.2.0", + "version": "8.3.0", "policyDefinitionGroups": [ { "name": "IRS_1075_9.3.1.1", @@ -1102,15 +1102,6 @@ "IRS_1075_9.3.7.5" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "IRS_1075_9.3.17.3" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -1347,6 +1338,7 @@ } ], "versions": [ + "8.3.0", "8.2.0", "8.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json index b3b3885f3..960efd4c2 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/ISO27001_2013_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The International Organization for Standardization (ISO) 27001 standard provides requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS). These policies address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-init", "metadata": { - "version": "7.3.0", + "version": "7.4.0", "category": "Regulatory Compliance" }, - "version": "7.3.0", + "version": "7.4.0", "policyDefinitionGroups": [ { "name": "ISO27001-2013_A.5.1.1", @@ -5953,15 +5953,6 @@ "ISO27001-2013_A.16.1.3" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "ISO27001-2013_A.12.6.1" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -6777,6 +6768,7 @@ } ], "versions": [ + "7.4.0", "7.3.0", "7.2.0" ] diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json index de2b5f8a9..84e75d283 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-171_R2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the information and information systems of federal agencies. In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST SP 800-171. These policies address a subset of NIST SP 800-171 Rev. 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-nist-800-171", "metadata": { - "version": "15.9.0", + "version": "15.10.0", "category": "Regulatory Compliance" }, - "version": "15.9.0", + "version": "15.10.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-171_R2_3.1.1", @@ -4725,31 +4725,6 @@ "NIST_SP_800-171_R2_3.14.5" ] }, - { - "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.14.1", - "NIST_SP_800-171_R2_3.14.2", - "NIST_SP_800-171_R2_3.14.4", - "NIST_SP_800-171_R2_3.14.5" - ] - }, - { - "policyDefinitionReferenceId": "endpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.14.1", - "NIST_SP_800-171_R2_3.14.2", - "NIST_SP_800-171_R2_3.14.3", - "NIST_SP_800-171_R2_3.14.4", - "NIST_SP_800-171_R2_3.14.5" - ] - }, { "policyDefinitionReferenceId": "Prerequisite_DeployExtensionLinux", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84", @@ -4869,6 +4844,7 @@ } ], "versions": [ + "15.10.0", "15.9.0", "15.8.0", "15.7.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json index 2a0fe255c..8dc6d7354 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R4.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk.These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative", "metadata": { - "version": "18.9.0", + "version": "18.10.0", "category": "Regulatory Compliance" }, - "version": "18.9.0", + "version": "18.10.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R4_AC-1", @@ -6497,17 +6497,6 @@ "NIST_SP_800-53_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_SC-3", - "NIST_SP_800-53_R4_SI-3", - "NIST_SP_800-53_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "PreviewAuditDeprecatedAccountsWithOwnerPermissionsOnASubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -6675,17 +6664,6 @@ "NIST_SP_800-53_R4_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_SC-3", - "NIST_SP_800-53_R4_SI-3", - "NIST_SP_800-53_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "PreviewAuditExternalAccountsWithOwnerPermissionsOnASubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -14036,6 +14014,7 @@ } ], "versions": [ + "18.10.0", "18.9.0", "18.8.0", "18.7.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json index 17bc3798f..811ea217a 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/NIST_SP_800-53_R5.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk. These policies address a subset of NIST SP 800-53 R5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative", "metadata": { - "version": "14.9.0", + "version": "14.10.0", "category": "Regulatory Compliance" }, - "version": "14.9.0", + "version": "14.10.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R5_AC-1", @@ -6992,16 +6992,6 @@ "NIST_SP_800-53_R5_SI-2" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_SC-3", - "NIST_SP_800-53_R5_SI-3" - ] - }, { "policyDefinitionReferenceId": "0cfea604-3201-4e14-88fc-fae4c427a6c5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -7169,16 +7159,6 @@ "NIST_SP_800-53_R5_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_SC-3", - "NIST_SP_800-53_R5_SI-3" - ] - }, { "policyDefinitionReferenceId": "339353f6-2387-4a45-abe4-7f529d121046", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -14358,6 +14338,7 @@ } ], "versions": [ + "14.10.0", "14.9.0", "14.8.0", "14.7.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/PCI_DSS_V4.0.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/PCI_DSS_V4.0.json index 9d96e3d2c..6805991b7 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/PCI_DSS_V4.0.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/PCI_DSS_V4.0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data. These policies address a subset of PCI-DSS v4 controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/pci-dss-3-2-1", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Regulatory Compliance" }, - "version": "1.2.0", + "version": "1.3.0", "policyDefinitionGroups": [ { "name": "PCI_DSS_v4.0_1.1.1", @@ -2315,20 +2315,6 @@ "PCI_DSS_v4.0_5.4.1" ] }, - { - "policyDefinitionReferenceId": "previewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "PCI_DSS_v4.0_5.2.1", - "PCI_DSS_v4.0_5.2.2", - "PCI_DSS_v4.0_5.2.3", - "PCI_DSS_v4.0_6.3.3", - "PCI_DSS_v4.0_6.4.1", - "PCI_DSS_v4.0_11.3.1" - ] - }, { "policyDefinitionReferenceId": "previewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -4275,6 +4261,7 @@ } ], "versions": [ + "1.3.0", "1.2.0", "1.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json index 5f0bb5c25..affdd69b0 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/SOC_2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2", "metadata": { - "version": "1.4.0", + "version": "1.5.0", "category": "Regulatory Compliance" }, - "version": "1.4.0", + "version": "1.5.0", "policyDefinitionGroups": [ { "name": "SOC_2_A1.1", @@ -2301,9 +2301,10 @@ "type": "String", "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true }, - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" @@ -2313,9 +2314,10 @@ "type": "String", "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true }, - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" @@ -5332,32 +5334,6 @@ "SOC_2_CC7.1" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8" - ] - }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8" - ] - }, { "policyDefinitionReferenceId": "3d399cf3-8fc6-0efc-6ab0-1412f1198517", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d399cf3-8fc6-0efc-6ab0-1412f1198517", @@ -6203,6 +6179,7 @@ } ], "versions": [ + "1.5.0", "1.4.0", "1.3.0", "1.2.0" diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json index 371053c08..049c42421 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center.", "metadata": { - "version": "14.3.0-deprecated", + "version": "14.4.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "14.3.0", + "version": "14.4.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v1.0_1.1", @@ -797,16 +797,6 @@ "Azure_Security_Benchmark_v1.0_4.4" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_2.8", - "Azure_Security_Benchmark_v1.0_8.1" - ] - }, { "policyDefinitionReferenceId": "2b9ad585-36bc-4615-b300-fd4435808332", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332", @@ -1273,16 +1263,6 @@ "Azure_Security_Benchmark_v1.0_1.1" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_2.8", - "Azure_Security_Benchmark_v1.0_8.1" - ] - }, { "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -1727,6 +1707,7 @@ } ], "versions": [ + "14.4.0", "14.3.0", "14.2.0" ] diff --git a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json index f8eb4e08f..2341f786a 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/asb_v2.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark v2 policy set is now represented in the consolidated Azure Security Benchmark initiative, which also serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center", "metadata": { - "version": "10.6.0-deprecated", + "version": "10.7.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "10.6.0", + "version": "10.7.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v2.0_NS-1", @@ -2179,26 +2179,28 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-d38fc420-0735-4ef3-ac11-c806f651a570": { @@ -3763,34 +3765,6 @@ "Azure_Security_Benchmark_v2.0_PV-7" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_ES-2", - "Azure_Security_Benchmark_v2.0_ES-3" - ] - }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v2.0_ES-2", - "Azure_Security_Benchmark_v2.0_ES-3" - ] - }, { "policyDefinitionReferenceId": "d38fc420-0735-4ef3-ac11-c806f651a570", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d38fc420-0735-4ef3-ac11-c806f651a570", @@ -3889,6 +3863,7 @@ } ], "versions": [ + "10.7.0", "10.6.0", "10.5.0", "10.4.0", diff --git a/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json b/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json index 332d56f89..3b73d55d5 100644 --- a/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json +++ b/built-in-policies/policySetDefinitions/Azure Government/Security Center/AzureSecurityCenter.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Microsoft cloud security benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft cloud security benchmark, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud.", "metadata": { - "version": "47.25.0", + "version": "47.26.0", "category": "Security Center" }, - "version": "47.25.0", + "version": "47.26.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v3.0_NS-1", @@ -491,14 +491,15 @@ }, "vmssEndpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Endpoint protection solution should be installed on virtual machine scale sets", - "description": "Enable or disable virtual machine scale sets endpoint protection monitoring" + "description": "Enable or disable virtual machine scale sets endpoint protection monitoring", + "deprecated": true } }, "vmssOsVulnerabilitiesMonitoringEffect": { @@ -551,14 +552,15 @@ }, "endpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Monitor missing Endpoint Protection in Microsoft Defender for Cloud", - "description": "Enable or disable endpoint protection monitoring" + "description": "Enable or disable endpoint protection monitoring", + "deprecated": true } }, "diskEncryptionMonitoringEffect": { @@ -4801,19 +4803,6 @@ "Azure_Security_Benchmark_v3.0_PV-6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring", - "parameters": { - "effect": { - "value": "[parameters('vmssEndpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_ES-2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe", "definitionVersion": "3.*.*", @@ -5301,19 +5290,6 @@ "Azure_Security_Benchmark_v3.0_PV-6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "endpointProtectionMonitoring", - "parameters": { - "effect": { - "value": "[parameters('endpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_ES-2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9daedab3-fb2d-461e-b861-71790eead4f6", "definitionVersion": "3.*.*", @@ -7181,6 +7157,7 @@ } ], "versions": [ + "47.26.0", "47.25.0", "47.24.0", "47.23.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json index ff21eb384..f6772d520 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative", "metadata": { - "version": "16.5.0", + "version": "16.6.0", "category": "Regulatory Compliance" }, - "version": "16.5.0", + "version": "16.6.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.1.0_1.1", @@ -644,16 +644,6 @@ "CIS_Azure_1.1.0_2.4" ] }, - { - "policyDefinitionReferenceId": "CISv110x2x5CISv110x7x6", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CIS_Azure_1.1.0_2.5", - "CIS_Azure_1.1.0_7.6" - ] - }, { "policyDefinitionReferenceId": "CISv110x2x7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/08e6af2d-db70-460a-bfe9-d5bd474ba9d6", @@ -2295,6 +2285,7 @@ } ], "versions": [ + "16.6.0", "16.5.0", "16.4.0", "16.3.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json index 690e44ed9..c6ddb10ab 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative", "metadata": { - "version": "8.7.0", + "version": "8.8.0", "category": "Regulatory Compliance" }, - "version": "8.7.0", + "version": "8.8.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.3.0_1.1", @@ -1523,14 +1523,15 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": { @@ -4264,6 +4265,7 @@ } ], "versions": [ + "8.8.0", "8.7.0", "8.6.0", "8.5.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json index cbacacc2e..98d7ea96d 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.4.0 controls. For more information, visit https://aka.ms/cisazure140-initiative", "metadata": { - "version": "1.8.0", + "version": "1.9.0", "category": "Regulatory Compliance" }, - "version": "1.8.0", + "version": "1.9.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_1.4.0_1.1", @@ -1413,14 +1413,15 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": { @@ -3771,19 +3772,6 @@ "CIS_Azure_1.4.0_7.6" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "CIS_Azure_1.4.0_7.6" - ] - }, { "policyDefinitionReferenceId": "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0", @@ -4042,6 +4030,7 @@ } ], "versions": [ + "1.9.0", "1.8.0", "1.7.0", "1.6.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json index c23ac2e6b..f6ff46a86 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v2.0.0 controls. For more information, visit https://aka.ms/cisazure200-initiative", "metadata": { - "version": "1.2.0", + "version": "1.3.0", "category": "Regulatory Compliance" }, - "version": "1.2.0", + "version": "1.3.0", "policyDefinitionGroups": [ { "name": "CIS_Azure_2.0.0_1.1.1", @@ -1717,14 +1717,15 @@ }, "effect-1f7c564c-0a90-4d44-b7e1-9d456cffaee8": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection should be installed on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0": { @@ -4513,19 +4514,6 @@ "CIS_Azure_2.0.0_7.6" ] }, - { - "policyDefinitionReferenceId": "1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-1f7c564c-0a90-4d44-b7e1-9d456cffaee8')]" - } - }, - "groupNames": [ - "CIS_Azure_2.0.0_7.6" - ] - }, { "policyDefinitionReferenceId": "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0", @@ -4967,6 +4955,7 @@ } ], "versions": [ + "1.3.0", "1.2.0", "1.1.0", "1.0.0" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json index d52bba95a..09c1ba06a 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of CMMC 2.0 Level 2 practices. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc2l2-initiative.", "metadata": { - "version": "2.12.0-preview", + "version": "2.13.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "2.12.0-preview", + "version": "2.13.0-preview", "policyDefinitionGroups": [ { "name": "CMMC_2.0_L2_AC.L1-3.1.1", @@ -3451,19 +3451,6 @@ "CMMC_2.0_L2_AU.L2-3.3.4" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_SI.L2-3.14.3", - "CMMC_2.0_L2_SI.L1-3.14.4", - "CMMC_2.0_L2_SI.L1-3.14.1", - "CMMC_2.0_L2_SI.L1-3.14.2", - "CMMC_2.0_L2_SI.L1-3.14.5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e", "definitionVersion": "1.*.*-preview", @@ -4575,18 +4562,6 @@ "CMMC_2.0_L2_SI.L1-3.14.1" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "parameters": {}, - "groupNames": [ - "CMMC_2.0_L2_SI.L1-3.14.1", - "CMMC_2.0_L2_SI.L1-3.14.2", - "CMMC_2.0_L2_SI.L1-3.14.4", - "CMMC_2.0_L2_SI.L1-3.14.5" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40", "definitionVersion": "2.*.*", @@ -5710,6 +5685,7 @@ } ], "versions": [ + "2.13.0-PREVIEW", "2.12.0-PREVIEW", "2.11.0-PREVIEW", "2.10.0-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json index 42bf8a315..657631cfd 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.", "metadata": { - "version": "11.7.0", + "version": "11.8.0", "category": "Regulatory Compliance" }, - "version": "11.7.0", + "version": "11.8.0", "policyDefinitionGroups": [ { "name": "CMMC_L3_AC.1.001", @@ -747,14 +747,15 @@ }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "listOfImageIdToInclude_windows": { @@ -1462,14 +1463,15 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112": { @@ -3806,21 +3808,6 @@ "CMMC_L3_IA.2.078" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]" - } - }, - "groupNames": [ - "CMMC_L3_CA.2.158", - "CMMC_L3_CA.3.161", - "CMMC_L3_SI.1.211" - ] - }, { "policyDefinitionReferenceId": "32133ab0-ee4b-4b44-98d6-042180979d50", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50", @@ -4288,23 +4275,6 @@ "CMMC_L3_SI.2.217" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "CMMC_L3_CA.2.158", - "CMMC_L3_CA.3.161", - "CMMC_L3_IR.2.093", - "CMMC_L3_SI.1.211", - "CMMC_L3_SI.1.213" - ] - }, { "policyDefinitionReferenceId": "5752e6d6-1206-46d8-8ab1-ecc2f71a8112", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5752e6d6-1206-46d8-8ab1-ecc2f71a8112", @@ -6268,6 +6238,7 @@ } ], "versions": [ + "11.8.0", "11.7.0", "11.6.0", "11.5.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json index 595819602..0946111e5 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CanadaFederalPBMM_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/canadafederalpbmm-init.", "metadata": { - "version": "8.2.0", + "version": "8.3.0", "category": "Regulatory Compliance" }, - "version": "8.2.0", + "version": "8.3.0", "policyDefinitionGroups": [ { "name": "CCCS_AC-1", @@ -1831,16 +1831,6 @@ "CCCS_IA-5" ] }, - { - "policyDefinitionReferenceId": "EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CCCS_SI-3", - "CCCS_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "PreviewAuditLinuxVMsThatAllowRemoteConnectionsFromAccountsWithoutPasswords", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ea53dbee-c6c9-4f0e-9f9e-de0039b78023", @@ -1954,16 +1944,6 @@ "CCCS_SC-7" ] }, - { - "policyDefinitionReferenceId": "MonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "CCCS_SI-3", - "CCCS_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "SystemUpdatesShouldBeInstalledOnYourMachines", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -2191,6 +2171,7 @@ } ], "versions": [ + "8.3.0", "8.2.0", "8.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json index 272b850b5..ef0dc7021 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/DOD_IL4_audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of DoD Impact Level 4 (IL4) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/dodil4-initiative.", "metadata": { - "version": "9.2.0-deprecated", + "version": "9.3.0-deprecated", "category": "Regulatory Compliance", "deprecated": true }, - "version": "9.2.0", + "version": "9.3.0", "parameters": { "IncludeArcMachines": { "type": "string", @@ -541,12 +541,6 @@ "policyDefinitionReferenceId": "systemUpdatesShouldBeInstalledOnYourMachines", "parameters": {} }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "monitorMissingEndpointProtectionInAzureSecurityCenter", - "parameters": {} - }, { "policyDefinitionReferenceId": "Prerequisite_AddSystemIdentityWhenNone", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e", @@ -661,12 +655,6 @@ } } }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "parameters": {} - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a7aca53f-2ed4-4466-a25e-0b45ade68efd", "definitionVersion": "3.*.*", @@ -1045,6 +1033,7 @@ } ], "versions": [ + "9.3.0", "9.2.0" ] }, diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json index 8444b5ee9..a49734b96 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (High) controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-fedramp", "metadata": { - "version": "17.13.0", + "version": "17.14.0", "category": "Regulatory Compliance" }, - "version": "17.13.0", + "version": "17.14.0", "policyDefinitionGroups": [ { "name": "FedRAMP_High_R4_AC-1", @@ -5555,17 +5555,6 @@ "FedRAMP_High_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_SC-3", - "FedRAMP_High_R4_SI-3", - "FedRAMP_High_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -5746,17 +5735,6 @@ "FedRAMP_High_R4_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "monitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_High_R4_SC-3", - "FedRAMP_High_R4_SI-3", - "FedRAMP_High_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "identityRemoveExternalAccountWithOwnerPermissionsMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -11548,6 +11526,7 @@ } ], "versions": [ + "17.14.0", "17.13.0", "17.12.0", "17.11.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json index bb22e16b6..4a3667257 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (Moderate) controls. Additional policies will be added in upcoming releases. For more information, visit https://www.fedramp.gov/documents-templates/", "metadata": { - "version": "17.12.0", + "version": "17.13.0", "category": "Regulatory Compliance" }, - "version": "17.12.0", + "version": "17.13.0", "policyDefinitionGroups": [ { "name": "FedRAMP_Moderate_R4_AC-1", @@ -4826,16 +4826,6 @@ "FedRAMP_Moderate_R4_SI-2" ] }, - { - "policyDefinitionReferenceId": "EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_SI-3", - "FedRAMP_Moderate_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "DeprecatedAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -4999,16 +4989,6 @@ "FedRAMP_Moderate_R4_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "MonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "FedRAMP_Moderate_R4_SI-3", - "FedRAMP_Moderate_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "ExternalAccountsWithOwnerPermissionsShouldBeRemovedFromYourSubscription", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -10077,6 +10057,7 @@ } ], "versions": [ + "17.13.0", "17.12.0", "17.11.0", "17.10.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json index 0cab28397..be9bf9a41 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/HIPAA_HITRUST_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "Health Information Trust Alliance (HITRUST) helps organizations from all sectors-but especially healthcare-effectively manage data, information risk, and compliance. HITRUST certification means that the organization has undergone a thorough assessment of the information security program. These policies address a subset of HITRUST controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/hipaa-hitrust-9-2", "metadata": { - "version": "14.4.0", + "version": "14.5.0", "category": "Regulatory Compliance" }, - "version": "14.4.0", + "version": "14.5.0", "policyDefinitionGroups": [ { "name": "hipaa-0101.00a1Organizational.123-00.a", @@ -5092,24 +5092,6 @@ "hipaa-1197.01l3Organizational.3-01.l" ] }, - { - "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "hipaa-0201.09j1Organizational.124-09.j" - ] - }, - { - "policyDefinitionReferenceId": "endpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "hipaa-0201.09j1Organizational.124-09.j" - ] - }, { "policyDefinitionReferenceId": "microsoftAntimalwareForAzureShouldBeConfiguredToAutomaticallyUpdateProtectionSignatures", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57", @@ -12046,6 +12028,7 @@ } ], "versions": [ + "14.5.0", "14.4.0", "14.3.0", "14.2.0" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json index a90d6253a..94c1157f8 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRAP_Audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Australian Government Information Security Manual (ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/auism-initiative.", "metadata": { - "version": "8.3.0-preview", + "version": "8.4.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "8.3.0-preview", + "version": "8.4.0-preview", "policyDefinitionGroups": [ { "name": "AU_ISM_100", @@ -3339,14 +3339,15 @@ }, "vmssEndpointProtectionMonitoringEffect": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "auditUnrestrictedNetworkToStorageAccountMonitoringEffect": { @@ -3582,14 +3583,15 @@ }, "endpointProtectionMonitoringEffect": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "jitNetworkAccessMonitoringEffect": { @@ -3964,20 +3966,6 @@ "AU_ISM_1552" ] }, - { - "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('vmssEndpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "AU_ISM_1288", - "AU_ISM_1417" - ] - }, { "policyDefinitionReferenceId": "previewAuditLinuxVmAccountsWithNoPasswords", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f6ec09a3-78bf-4f8f-99dc-6c77182d0f99", @@ -4265,20 +4253,6 @@ "AU_ISM_1537" ] }, - { - "policyDefinitionReferenceId": "endpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('endpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "AU_ISM_1288", - "AU_ISM_1417" - ] - }, { "policyDefinitionReferenceId": "jitNetworkAccessMonitoring", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -4618,6 +4592,7 @@ } ], "versions": [ + "8.4.0-PREVIEW", "8.3.0-PREVIEW", "8.2.2-PREVIEW", "8.2.1-PREVIEW" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json index 6b6b5dc37..296ec7663 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/IRS1075_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-init.", "metadata": { - "version": "8.2.0", + "version": "8.3.0", "category": "Regulatory Compliance" }, - "version": "8.2.0", + "version": "8.3.0", "policyDefinitionGroups": [ { "name": "IRS_1075_9.3.1.1", @@ -956,15 +956,6 @@ "IRS_1075_9.3.16.4" ] }, - { - "policyDefinitionReferenceId": "PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "IRS_1075_9.3.17.3" - ] - }, { "policyDefinitionReferenceId": "Prerequisite_AddSystemIdentityWhenNone", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3cf2ab00-13f1-4d0c-8971-2ac904541a7e", @@ -1139,15 +1130,6 @@ "IRS_1075_9.3.16.5" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "IRS_1075_9.3.17.3" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -1394,6 +1376,7 @@ } ], "versions": [ + "8.3.0", "8.2.0", "8.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json index b27dff2cd..6c0ab4718 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/ISO27001_2013_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The International Organization for Standardization (ISO) 27001 standard provides requirements for establishing, implementing, maintaining, and continuously improving an Information Security Management System (ISMS). These policies address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-init", "metadata": { - "version": "8.2.0", + "version": "8.3.0", "category": "Regulatory Compliance" }, - "version": "8.2.0", + "version": "8.3.0", "policyDefinitionGroups": [ { "name": "ISO27001-2013_A.5.1.1", @@ -5953,15 +5953,6 @@ "ISO27001-2013_A.16.1.3" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "ISO27001-2013_A.12.6.1" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -6786,6 +6777,7 @@ } ], "versions": [ + "8.3.0", "8.2.0", "8.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json index 03643af57..716d35e9c 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the information and information systems of federal agencies. In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST SP 800-171. These policies address a subset of NIST SP 800-171 Rev. 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-nist-800-171", "metadata": { - "version": "15.12.0", + "version": "15.13.0", "category": "Regulatory Compliance" }, - "version": "15.12.0", + "version": "15.13.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-171_R2_3.1.1", @@ -5341,31 +5341,6 @@ "NIST_SP_800-171_R2_3.14.5" ] }, - { - "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.14.1", - "NIST_SP_800-171_R2_3.14.2", - "NIST_SP_800-171_R2_3.14.4", - "NIST_SP_800-171_R2_3.14.5" - ] - }, - { - "policyDefinitionReferenceId": "endpointProtectionMonitoring", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-171_R2_3.14.1", - "NIST_SP_800-171_R2_3.14.2", - "NIST_SP_800-171_R2_3.14.3", - "NIST_SP_800-171_R2_3.14.4", - "NIST_SP_800-171_R2_3.14.5" - ] - }, { "policyDefinitionReferenceId": "Prerequisite_DeployExtensionLinux", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1221c620-d201-468c-81e7-2817e6107e84", @@ -7595,6 +7570,7 @@ } ], "versions": [ + "15.13.0", "15.12.0", "15.11.0", "15.10.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json index c3d3ed2af..1058c8cf2 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk.These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative", "metadata": { - "version": "17.12.0", + "version": "17.13.0", "category": "Regulatory Compliance" }, - "version": "17.12.0", + "version": "17.13.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R4_AC-1", @@ -11399,28 +11399,6 @@ "NIST_SP_800-53_R4_SI-16" ] }, - { - "policyDefinitionReferenceId": "PreviewAuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_SC-3", - "NIST_SP_800-53_R4_SI-3", - "NIST_SP_800-53_R4_SI-3(1)" - ] - }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R4_SC-3", - "NIST_SP_800-53_R4_SI-3", - "NIST_SP_800-53_R4_SI-3(1)" - ] - }, { "policyDefinitionReferenceId": "b7306e73-0494-83a2-31f5-280e934a8f70", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b7306e73-0494-83a2-31f5-280e934a8f70", @@ -12840,6 +12818,7 @@ } ], "versions": [ + "17.13.0", "17.12.0", "17.11.0", "17.10.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json index 338b561e9..34eaa26e7 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk. These policies address a subset of NIST SP 800-53 R5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative", "metadata": { - "version": "14.12.0", + "version": "14.13.0", "category": "Regulatory Compliance" }, - "version": "14.12.0", + "version": "14.13.0", "policyDefinitionGroups": [ { "name": "NIST_SP_800-53_R5_AC-1", @@ -7386,16 +7386,6 @@ "NIST_SP_800-53_R5_SI-2" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_SC-3", - "NIST_SP_800-53_R5_SI-3" - ] - }, { "policyDefinitionReferenceId": "0cfea604-3201-4e14-88fc-fae4c427a6c5", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0cfea604-3201-4e14-88fc-fae4c427a6c5", @@ -7563,16 +7553,6 @@ "NIST_SP_800-53_R5_SC-28(1)" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "NIST_SP_800-53_R5_SC-3", - "NIST_SP_800-53_R5_SI-3" - ] - }, { "policyDefinitionReferenceId": "339353f6-2387-4a45-abe4-7f529d121046", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/339353f6-2387-4a45-abe4-7f529d121046", @@ -13155,6 +13135,7 @@ } ], "versions": [ + "14.13.0", "14.12.0", "14.11.0", "14.10.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json index 79eedea96..26938e57f 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address the Dutch Baseline Informatiebeveiliging (BIO) controls specifically for the 'thema-uitwerking Clouddiensten' and include policies covered under the SOC2 and ISO 27001:2013 controls.", "metadata": { - "version": "1.6.0", + "version": "1.7.0", "category": "Regulatory Compliance" }, - "version": "1.6.0", + "version": "1.7.0", "policyDefinitionGroups": [ { "name": "B.01 - Laws and regulations", @@ -1150,14 +1150,15 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-86b3d65f-7626-441e-b690-81a8b71cff60": { @@ -1477,14 +1478,15 @@ }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects" + "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c": { @@ -5047,23 +5049,6 @@ "U.15.3 - Events logged" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "U.09.3 - Detection, prevention and recovery", - "C.04.3 - Timelines", - "C.04.6 - Timelines", - "C.04.7 - Evaluated", - "C.04.8 - Evaluated" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -5451,22 +5436,6 @@ "C.04.7 - Evaluated" ] }, - { - "policyDefinitionReferenceId": "endpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]" - } - }, - "groupNames": [ - "U.09.3 - Detection, prevention and recovery", - "C.04.3 - Timelines", - "C.04.6 - Timelines", - "C.04.7 - Evaluated" - ] - }, { "policyDefinitionReferenceId": "AzureWebApplicationFirewallShouldBeEnabledForAzureFrontDoorEntryPoints", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/055aa869-bc98-4af8-bafc-23f1ab6ffe2c", @@ -8508,6 +8477,7 @@ } ], "versions": [ + "1.7.0", "1.6.0", "1.5.1", "1.5.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json index 7bf53dd11..555086f34 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of New Zealand Information Security Manual v3.5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative. ", "metadata": { - "version": "2.11.0-deprecated", + "version": "2.12.0-deprecated", "category": "Regulatory Compliance", "deprecated": true }, - "version": "2.11.0", + "version": "2.12.0", "policyDefinitionGroups": [ { "name": "NZ_ISM_v3.5_AC-1", @@ -2535,24 +2535,6 @@ "NZ_ISM_v3.5_PRS-5" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_SS-3" - ] - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "parameters": {}, - "groupNames": [ - "NZ_ISM_v3.5_SS-3" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4", "definitionVersion": "9.*.*", @@ -3169,6 +3151,7 @@ } ], "versions": [ + "2.12.0", "2.11.0", "2.10.0", "2.9.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json index 08122a010..0027cd310 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json @@ -5,10 +5,10 @@ "description": "New Zealand Information Security Manual (ISM) policy initiative. This policy set includes definitions that have a Deny effect by default", "metadata": { "category": "Regulatory Compliance", - "version": "1.0.0-preview", + "version": "1.1.0-preview", "preview": true }, - "version": "1.0.0-preview", + "version": "1.1.0-preview", "policyDefinitionGroups": [ { "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/New_Zealand_ISM_06.2.5.C.01", @@ -1267,24 +1267,6 @@ "definitionVersion": "1.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "Endpoint protection should be installed on your machines", - "groupNames": [ - "New_Zealand_ISM_14.1.9.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "definitionVersion": "1.*.*", - "parameters": {} - }, - { - "policyDefinitionReferenceId": "Endpoint protection solution should be installed on virtual machine scale sets", - "groupNames": [ - "New_Zealand_ISM_14.1.9.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "Guest Configuration extension should be installed on your machines", "groupNames": [ @@ -1506,15 +1488,6 @@ "definitionVersion": "1.*.*", "parameters": {} }, - { - "policyDefinitionReferenceId": "Monitor missing Endpoint Protection in Azure Security Center", - "groupNames": [ - "New_Zealand_ISM_14.1.9.C.01" - ], - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "Virtual machines- Guest Configuration extension should be deployed with system-assigned managed identity", "groupNames": [ @@ -2886,6 +2859,7 @@ } ], "versions": [ + "1.1.0-PREVIEW", "1.0.0-PREVIEW" ] }, diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/PCI_DSS_V4.0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/PCI_DSS_V4.0.json index fbdb90972..ecb652b34 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/PCI_DSS_V4.0.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/PCI_DSS_V4.0.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Payment Card Industry (PCI) Data Security Standards (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data. These policies address a subset of PCI-DSS v4 controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/pci-dss-3-2-1", "metadata": { - "version": "1.3.0", + "version": "1.4.0", "category": "Regulatory Compliance" }, - "version": "1.3.0", + "version": "1.4.0", "policyDefinitionGroups": [ { "name": "PCI_DSS_v4.0_1.1.1", @@ -2315,20 +2315,6 @@ "PCI_DSS_v4.0_5.4.1" ] }, - { - "policyDefinitionReferenceId": "previewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "PCI_DSS_v4.0_5.2.1", - "PCI_DSS_v4.0_5.2.2", - "PCI_DSS_v4.0_5.2.3", - "PCI_DSS_v4.0_6.3.3", - "PCI_DSS_v4.0_6.4.1", - "PCI_DSS_v4.0_11.3.1" - ] - }, { "policyDefinitionReferenceId": "previewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -4299,6 +4285,7 @@ } ], "versions": [ + "1.4.0", "1.3.0", "1.2.0", "1.1.0" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/PCIv3_2_1_2018_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/PCIv3_2_1_2018_audit.json index 8eb38869f..6cd017851 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/PCIv3_2_1_2018_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/PCIv3_2_1_2018_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/pciv321-init.", "metadata": { - "version": "6.2.0", + "version": "6.3.0", "category": "Regulatory Compliance" }, - "version": "6.2.0", + "version": "6.3.0", "policyDefinitionGroups": [ { "name": "PCI_DSS_V3.2.1_1.1.1", @@ -1250,18 +1250,6 @@ "PCI_DSS_V3.2.1_7.1.3" ] }, - { - "policyDefinitionReferenceId": "previewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "PCI_DSS_V3.2.1_11.2.1", - "PCI_DSS_V3.2.1_5.1", - "PCI_DSS_V3.2.1_6.2", - "PCI_DSS_V3.2.1_6.6" - ] - }, { "policyDefinitionReferenceId": "previewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -1453,6 +1441,7 @@ } ], "versions": [ + "6.3.0", "6.2.0", "6.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json index 2e31e1daa..ed975f894 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of Reserve Bank of India IT Framework for Banks controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/rbiitfbanks-initiative.", "metadata": { - "version": "1.13.0-preview", + "version": "1.14.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "1.13.0-preview", + "version": "1.14.0-preview", "policyDefinitionGroups": [ { "name": "RBI_CSF_Banks_v2016_9.1", @@ -1153,18 +1153,6 @@ "RBI_CSF_Banks_v2016_17.1" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_13.2", - "RBI_CSF_Banks_v2016_15.1", - "RBI_CSF_Banks_v2016_15.3", - "RBI_CSF_Banks_v2016_13.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9", "definitionVersion": "1.*.*", @@ -1464,18 +1452,6 @@ "RBI_CSF_Banks_v2016_14.1" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_15.3", - "RBI_CSF_Banks_v2016_13.2", - "RBI_CSF_Banks_v2016_13.1", - "RBI_CSF_Banks_v2016_15.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/eb6f77b9-bd53-4e35-a23d-7f65d5f0e8f3", "definitionVersion": "1.*.*", @@ -1902,18 +1878,6 @@ "RBI_CSF_Banks_v2016_13.1" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_13.2", - "RBI_CSF_Banks_v2016_15.1", - "RBI_CSF_Banks_v2016_15.3", - "RBI_CSF_Banks_v2016_13.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3d20c29-b36d-48fe-808b-99a87530ad99", "definitionVersion": "1.*.*", @@ -2056,18 +2020,6 @@ "RBI_CSF_Banks_v2016_7.7" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2", - "parameters": {}, - "groupNames": [ - "RBI_CSF_Banks_v2016_15.1", - "RBI_CSF_Banks_v2016_13.2", - "RBI_CSF_Banks_v2016_13.1", - "RBI_CSF_Banks_v2016_15.3" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bed48b13-6647-468e-aa2f-1af1d3f4dd40", "definitionVersion": "2.*.*", @@ -2687,6 +2639,7 @@ } ], "versions": [ + "1.14.0-PREVIEW", "1.13.0-PREVIEW", "1.12.0-PREVIEW", "1.11.0-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json index 6d20564f3..6aa947424 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of RMIT requirements. Additional policies will be added in upcoming releases. For more information, visit aka.ms/rmit-initiative.", "metadata": { - "version": "9.9.0", + "version": "9.10.0", "category": "Regulatory Compliance" }, - "version": "9.9.0", + "version": "9.10.0", "policyDefinitionGroups": [ { "name": "RMiT_v1.0_10.1", @@ -3922,15 +3922,6 @@ "RMiT_v1.0_10.49" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_11.17" - ] - }, { "policyDefinitionReferenceId": "2913021d-f2fd-4f3d-b958-22354e2bdbcb", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb", @@ -4165,15 +4156,6 @@ "RMiT_v1.0_10.61" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "RMiT_v1.0_Appendix_5.7" - ] - }, { "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -4903,6 +4885,7 @@ } ], "versions": [ + "9.10.0", "9.9.0", "9.8.0", "9.7.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json index 23d9bfb08..e2f675b7f 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2", "metadata": { - "version": "1.7.0", + "version": "1.8.0", "category": "Regulatory Compliance" }, - "version": "1.7.0", + "version": "1.8.0", "policyDefinitionGroups": [ { "name": "SOC_2_A1.1", @@ -2594,50 +2594,54 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection health issues should be resolved on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-1f7c564c-0a90-4d44-b7e1-9d456cffaee8": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection should be installed on your machines", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858": { @@ -5945,45 +5949,6 @@ "SOC_2_CC6.8" ] }, - { - "policyDefinitionReferenceId": "8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8" - ] - }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8" - ] - }, - { - "policyDefinitionReferenceId": "1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "definitionVersion": "1.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-1f7c564c-0a90-4d44-b7e1-9d456cffaee8')]" - } - }, - "groupNames": [ - "SOC_2_CC6.8" - ] - }, { "policyDefinitionReferenceId": "3d399cf3-8fc6-0efc-6ab0-1412f1198517", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d399cf3-8fc6-0efc-6ab0-1412f1198517", @@ -6894,6 +6859,7 @@ } ], "versions": [ + "1.8.0", "1.7.0", "1.6.0", "1.5.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json index 0cea8e636..fcc1d6866 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of the SWIFT Customer Security Program's Customer Security Controls Framework v2021 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2021-init.", "metadata": { - "version": "4.7.0-preview", + "version": "4.8.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "4.7.0-preview", + "version": "4.8.0-preview", "policyDefinitionGroups": [ { "name": "SWIFT_CSCF_v2021_1.1", @@ -1608,24 +1608,6 @@ "SWIFT_CSCF_v2021_1.2" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2021_6.1" - ] - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2021_6.1" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c43e4a30-77cb-48ab-a4dd-93f175c63b57", "definitionVersion": "1.*.*", @@ -2004,6 +1986,7 @@ } ], "versions": [ + "4.8.0-PREVIEW", "4.7.0-PREVIEW", "4.6.0-PREVIEW", "4.5.0-PREVIEW", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json index 805e1f68c..01e06d9e7 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "SWIFT's Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF). These policies address a subset of SWIFT controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/swift-cscf-v2021", "metadata": { - "version": "2.4.0", + "version": "2.5.0", "category": "Regulatory Compliance" }, - "version": "2.4.0", + "version": "2.5.0", "policyDefinitionGroups": [ { "name": "SWIFT_CSCF_v2022_1.1", @@ -2807,24 +2807,6 @@ "SWIFT_CSCF_v2022_6.1" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_6.1" - ] - }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "SWIFT_CSCF_v2022_6.1" - ] - }, { "policyDefinitionReferenceId": "0123edae-3567-a05a-9b05-b53ebe9d3e7e", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0123edae-3567-a05a-9b05-b53ebe9d3e7e", @@ -3916,6 +3898,7 @@ } ], "versions": [ + "2.5.0", "2.4.0", "2.3.0", "2.2.0" diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json index 8aabca171..468953b2b 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFTv2020_audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2020-init.", "metadata": { - "version": "6.1.0-preview", + "version": "6.2.0-preview", "category": "Regulatory Compliance", "preview": true }, - "version": "6.1.0-preview", + "version": "6.2.0-preview", "parameters": { "IncludeArcMachines": { "type": "string", @@ -381,18 +381,6 @@ } } }, - { - "policyDefinitionReferenceId": "EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {} - }, - { - "policyDefinitionReferenceId": "MonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {} - }, { "policyDefinitionReferenceId": "SystemUpdatesShouldBeInstalledOnYourMachines", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -592,6 +580,7 @@ } ], "versions": [ + "6.2.0-PREVIEW", "6.1.0-PREVIEW" ] }, diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json index 8dc0d51c6..26e236791 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/Spain_ENS.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address National Security Scheme (ENS) controls specifically for the 'CCN-STIC 884'. This policy set includes definitions that have a Deny effect by default.", "metadata": { - "version": "1.1.0", + "version": "1.2.0", "category": "Regulatory Compliance" }, - "version": "1.1.0", + "version": "1.2.0", "policyDefinitionGroups": [ { "name": "org.1 Security policy", @@ -11192,72 +11192,6 @@ ], "definitionVersion": "1.*.*" }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e378679-f122-4a96-a739-a7729c46e1aa", - "policyDefinitionReferenceId": "CloudServices(extendedSupport)RoleInstancesShouldHaveAnEndpointProtectionSolutionInstalled", - "parameters": { - "effect": { - "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" - } - }, - "groupNames": [ - "op.exp.6 Protection against harmful code", - "op.nub.1 Cloud service protection" - ], - "definitionVersion": "1.*.*" - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "policyDefinitionReferenceId": "EndpointProtectionShouldBeInstalledOnYourMachines", - "parameters": { - "effect": { - "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" - } - }, - "groupNames": [ - "op.exp.6 Protection against harmful code" - ], - "definitionVersion": "1.*.*" - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionReferenceId": "EndpointProtectionSolutionShouldBeInstalledOnVirtualMachineScaleSets", - "parameters": { - "effect": { - "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" - } - }, - "groupNames": [ - "op.exp.6 Protection against harmful code" - ], - "definitionVersion": "3.*.*" - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2", - "policyDefinitionReferenceId": "EndpointProtectionHealthIssuesShouldBeResolvedOnYourMachines", - "parameters": { - "effect": { - "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" - } - }, - "groupNames": [ - "op.exp.6 Protection against harmful code" - ], - "definitionVersion": "1.*.*" - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionReferenceId": "MonitorMissingEndpointProtectionInAzureSecurityCenter", - "parameters": { - "effect": { - "value": "[parameters('effect-EnableRelatedResourceAuditingByDefaultOrDisablePolicy')]" - } - }, - "groupNames": [ - "op.exp.6 Protection against harmful code" - ], - "definitionVersion": "3.*.*" - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7", "policyDefinitionReferenceId": "SubscriptionsShouldHaveAContactEmailAddressForSecurityIssues", @@ -15294,6 +15228,7 @@ } ], "versions": [ + "1.2.0", "1.1.0", "1.0.0" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json index 034ee3ebe..059417302 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_audit.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark initiative now represents the Azure Security Benchmark v2 controls, and serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center.", "metadata": { - "version": "14.3.0-deprecated", + "version": "14.4.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "14.3.0", + "version": "14.4.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v1.0_1.1", @@ -822,16 +822,6 @@ "Azure_Security_Benchmark_v1.0_4.4" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_2.8", - "Azure_Security_Benchmark_v1.0_8.1" - ] - }, { "policyDefinitionReferenceId": "2b9ad585-36bc-4615-b300-fd4435808332", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2b9ad585-36bc-4615-b300-fd4435808332", @@ -1324,16 +1314,6 @@ "Azure_Security_Benchmark_v1.0_1.1" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "Azure_Security_Benchmark_v1.0_2.8", - "Azure_Security_Benchmark_v1.0_8.1" - ] - }, { "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -1776,6 +1756,7 @@ } ], "versions": [ + "14.4.0", "14.3.0", "14.2.0" ] diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json index 142c4271b..b70941178 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative has been deprecated. The Azure Security Benchmark v2 policy set is now represented in the consolidated Azure Security Benchmark initiative, which also serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center", "metadata": { - "version": "11.7.0-deprecated", + "version": "11.8.0-deprecated", "deprecated": true, "category": "Regulatory Compliance" }, - "version": "11.7.0", + "version": "11.8.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v2.0_NS-1", @@ -2970,26 +2970,28 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "IncludeArcMachines-bed48b13-6647-468e-aa2f-1af1d3f4dd40": { @@ -5358,6 +5360,7 @@ } ], "versions": [ + "11.8.0", "11.7.0", "11.6.0", "11.5.0", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json index e72f2a1b4..d1d8c351f 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json @@ -4,11 +4,11 @@ "policyType": "BuiltIn", "description": "This initiative includes policies that address a subset of New Zealand Information Security Manual controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative.", "metadata": { - "version": "11.8.0-deprecated", + "version": "11.9.0-deprecated", "category": "Regulatory Compliance", "deprecated": true }, - "version": "11.8.0", + "version": "11.9.0", "policyDefinitionGroups": [ { "name": "NZISM_Security_Benchmark_v1.1_AC-1", @@ -788,14 +788,15 @@ }, "effect-26a828e1-e88f-464e-bbb3-c134a282b9de": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Endpoint protection solution should be installed on virtual machine scale sets", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "IncludeArcMachines-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { @@ -1330,14 +1331,15 @@ }, "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9": { "type": "String", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Effect for policy: Monitor missing Endpoint Protection in Azure Security Center", - "description": "For more information about effects, visit https://aka.ms/policyeffects" + "description": "For more information about effects, visit https://aka.ms/policyeffects", + "deprecated": true } }, "effect-b02aacc0-b073-424e-8298-42b22829ee0a": { @@ -3153,19 +3155,6 @@ "NZISM_Security_Benchmark_v1.1_PS-4" ] }, - { - "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]" - } - }, - "groupNames": [ - "NZISM_Security_Benchmark_v1.1_SS-3" - ] - }, { "policyDefinitionReferenceId": "30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7", @@ -3514,19 +3503,6 @@ "NZISM_Security_Benchmark_v1.1_DM-6" ] }, - { - "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": { - "effect": { - "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]" - } - }, - "groupNames": [ - "NZISM_Security_Benchmark_v1.1_SS-3" - ] - }, { "policyDefinitionReferenceId": "b0f33259-77d7-4c9e-aac6-3aabcfae693c", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -4734,6 +4710,7 @@ } ], "versions": [ + "11.9.0", "11.8.0", "11.7.0", "11.6.2", diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json index 013b93a77..863cb0946 100644 --- a/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json +++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/ukofficial_audit.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-init and https://aka.ms/uknhs-init.", "metadata": { - "version": "9.2.0", + "version": "9.3.0", "category": "Regulatory Compliance" }, - "version": "9.2.0", + "version": "9.3.0", "policyDefinitionGroups": [ { "name": "UK_NCSC_CSP_1", @@ -429,15 +429,6 @@ "UK_NCSC_CSP_10" ] }, - { - "policyDefinitionReferenceId": "PreviewMonitorMissingEndpointProtectionInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "UK_NCSC_CSP_5.2" - ] - }, { "policyDefinitionReferenceId": "PreviewMonitorMissingSystemUpdatesInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86b3d65f-7626-441e-b690-81a8b71cff60", @@ -710,15 +701,6 @@ "UK_NCSC_CSP_11" ] }, - { - "policyDefinitionReferenceId": "AuditTheEndpointProtectionSolutionOnVirtualMachineScaleSetsInAzureSecurityCenter", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "parameters": {}, - "groupNames": [ - "UK_NCSC_CSP_11" - ] - }, { "policyDefinitionReferenceId": "MonitorPossibleNetworkJustInTimeJITAccessInAzureSecurityCenter", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0f33259-77d7-4c9e-aac6-3aabcfae693c", @@ -766,6 +748,7 @@ } ], "versions": [ + "9.3.0", "9.2.0", "9.1.0" ] diff --git a/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json b/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json index c04e76b1a..9d1cbc67f 100644 --- a/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json +++ b/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json @@ -4,10 +4,10 @@ "policyType": "BuiltIn", "description": "The Microsoft cloud security benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft cloud security benchmark, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud.", "metadata": { - "version": "57.42.0", + "version": "57.43.0", "category": "Security Center" }, - "version": "57.42.0", + "version": "57.43.0", "policyDefinitionGroups": [ { "name": "Azure_Security_Benchmark_v3.0_NS-1", @@ -537,14 +537,15 @@ }, "vmssEndpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Endpoint protection solution should be installed on virtual machine scale sets", - "description": "Enable or disable virtual machine scale sets endpoint protection monitoring" + "description": "Enable or disable virtual machine scale sets endpoint protection monitoring", + "deprecated": true } }, "vmssOsVulnerabilitiesMonitoringEffect": { @@ -609,14 +610,15 @@ }, "endpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Monitor missing Endpoint Protection in Microsoft Defender for Cloud", - "description": "Enable or disable endpoint protection monitoring" + "description": "Enable or disable endpoint protection monitoring", + "deprecated": true } }, "diskEncryptionMonitoringEffect": { @@ -5520,26 +5522,28 @@ }, "installEndpointProtectionMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Endpoint protection should be installed on your machines", - "description": "To protect your machines from threats and vulnerabilities, install a supported endpoint protection solution." + "description": "To protect your machines from threats and vulnerabilities, install a supported endpoint protection solution.", + "deprecated": true } }, "endpointProtectionHealthIssuesMonitoringEffect": { "type": "string", - "defaultValue": "AuditIfNotExists", + "defaultValue": "Disabled", "allowedValues": [ "AuditIfNotExists", "Disabled" ], "metadata": { "displayName": "Endpoint protection health issues should be resolved on your machines", - "description": "Resolve endpoint protection health issues on your virtual machines to protect them from latest threats and vulnerabilities. Microsoft Defender for Cloud supported endpoint protection solutions are documented here - https://docs.microsoft.com/azure/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions. Endpoint protection assessment is documented here - https://docs.microsoft.com/azure/security-center/security-center-endpoint-protection." + "description": "Resolve endpoint protection health issues on your virtual machines to protect them from latest threats and vulnerabilities. Microsoft Defender for Cloud supported endpoint protection solutions are documented here - https://docs.microsoft.com/azure/security-center/security-center-services?tabs=features-windows#supported-endpoint-protection-solutions. Endpoint protection assessment is documented here - https://docs.microsoft.com/azure/security-center/security-center-endpoint-protection.", + "deprecated": true } } }, @@ -5599,19 +5603,6 @@ "Azure_Security_Benchmark_v3.0_PV-6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "vmssEndpointProtectionMonitoring", - "parameters": { - "effect": { - "value": "[parameters('vmssEndpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_ES-2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c3f317a7-a95c-4547-b7e7-11017ebdf2fe", "definitionVersion": "3.*.*", @@ -6153,19 +6144,6 @@ "Azure_Security_Benchmark_v3.0_PV-6" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9", - "definitionVersion": "3.*.*", - "policyDefinitionReferenceId": "endpointProtectionMonitoring", - "parameters": { - "effect": { - "value": "[parameters('endpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_ES-2" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/501541f7-f7e7-4cd6-868c-4190fdad3ac9", "definitionVersion": "3.*.*", @@ -8357,33 +8335,6 @@ "Azure_Security_Benchmark_v3.0_PV-4" ] }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f7c564c-0a90-4d44-b7e1-9d456cffaee8", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "installEndpointProtection", - "parameters": { - "effect": { - "value": "[parameters('installEndpointProtectionMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_ES-2" - ] - }, - { - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2", - "definitionVersion": "1.*.*", - "policyDefinitionReferenceId": "endpointProtectionHealthIssuesMonitoringEffect", - "parameters": { - "effect": { - "value": "[parameters('endpointProtectionHealthIssuesMonitoringEffect')]" - } - }, - "groupNames": [ - "Azure_Security_Benchmark_v3.0_ES-2", - "Azure_Security_Benchmark_v3.0_ES-3" - ] - }, { "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/245fc9df-fa96-4414-9a0b-3738c2f7341c", "definitionVersion": "1.*.*", @@ -8758,6 +8709,7 @@ } ], "versions": [ + "57.43.0", "57.42.0", "57.41.0", "57.40.0",