Built-in Policy Release cbf95f4c (#1251)

Co-authored-by: Azure Policy Bot <azgovpolicy@microsoft.com>

built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json → built-in-policies/policyDefinitions/Azure Government/Kubernetes/CannotEditIndividualNodes.json

@@ -5,11 +5,11 @@
     "mode": "Microsoft.Kubernetes.Data",
     "description": "Cannot Edit Individual Nodes. Users should not edit individual nodes. Please edit node pools.",
     "metadata": {
-      "version": "1.0.1-preview",
+      "version": "1.0.2-preview",
       "category": "Kubernetes",
       "preview": true
     },
-    "version": "1.0.1-preview",
+    "version": "1.0.2-preview",
     "parameters": {
       "effect": {
         "type": "String",
@@ -107,14 +107,14 @@
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Users",
-          "description": "Users that are allowed by AKS Guardrails to modify node labels on individual nodes."
+          "description": "Users that are allowed by AKS Safeguards to modify node labels on individual nodes."
         }
       },
       "allowedGroups": {
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Groups",
-          "description": "Groups that are allowed by AKS Guardrails to modify node labels on individual nodes."
+          "description": "Groups that are allowed by AKS Safeguards to modify node labels on individual nodes."
         }
       }
     },

built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json → built-in-policies/policyDefinitions/Kubernetes/CannotEditIndividualNodes.json

@@ -5,11 +5,11 @@
     "mode": "Microsoft.Kubernetes.Data",
     "description": "Cannot Edit Individual Nodes. Users should not edit individual nodes. Please edit node pools.",
     "metadata": {
-      "version": "1.0.1-preview",
+      "version": "1.0.2-preview",
       "category": "Kubernetes",
       "preview": true
     },
-    "version": "1.0.1-preview",
+    "version": "1.0.2-preview",
     "parameters": {
       "effect": {
         "type": "String",
@@ -107,14 +107,14 @@
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Users",
-          "description": "Users that are allowed by AKS Guardrails to modify node labels on individual nodes."
+          "description": "Users that are allowed by AKS Safeguards to modify node labels on individual nodes."
         }
       },
       "allowedGroups": {
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Groups",
-          "description": "Groups that are allowed by AKS Guardrails to modify node labels on individual nodes."
+          "description": "Groups that are allowed by AKS Safeguards to modify node labels on individual nodes."
         }
       }
     },

built-in-policies/policyDefinitions/Security Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json

@@ -1,18 +1,19 @@
 {
   "properties": {
-    "displayName": "Microsoft Defender for Storage (Classic) should be enabled",
+    "displayName": "[Deprecated]: Microsoft Defender for Storage (Classic) should be enabled",
     "policyType": "BuiltIn",
     "mode": "All",
     "description": "Microsoft Defender for Storage (Classic) provides detections of unusual and potentially harmful attempts to access or exploit storage accounts.",
     "metadata": {
-      "version": "1.0.4",
-      "category": "Security Center"
+      "version": "1.1.0-deprecated",
+      "category": "Security Center",
+      "deprecated": true
     },
-    "version": "1.0.4",
+    "version": "1.1.0",
     "parameters": {
       "effect": {
         "type": "string",
-        "defaultValue": "AuditIfNotExists",
+        "defaultValue": "Disabled",
         "allowedValues": [
           "AuditIfNotExists",
           "Disabled"

built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Guardrails.json → built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Safeguards.json

@@ -1,14 +1,14 @@
 {
   "properties": {
-    "displayName": "[Preview]: AKS Guardrails should help guide developers towards AKS recommended best practices",
+    "displayName": "[Preview]: AKS Safeguards should help guide developers towards AKS recommended best practices",
     "policyType": "BuiltIn",
-    "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Guardrails to assign this policy initiative: https://aka.ms/aks/guardrails.",
+    "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Deployment Safeguards to assign this policy initiative: https://aka.ms/aks/safeguards. Azure Policy Add-On for AKS is a pre-requisite for applying these best practices to your clusters. For instructions on enabling the Azure Policy Add-On, go to aka.ms/akspolicydoc",
     "metadata": {
-      "version": "1.3.1-preview",
+      "version": "1.3.2-preview",
       "category": "Kubernetes",
       "preview": true
     },
-    "version": "1.3.1-preview",
+    "version": "1.3.2-preview",
     "parameters": {
       "effect": {
         "type": "String",
@@ -39,14 +39,14 @@
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Users",
-          "description": "Users that are allowed by AKS Guardrails to make changes on kubernetes object."
+          "description": "Users that are allowed by AKS Safeguards to make changes on kubernetes object."
         }
       },
       "allowedGroups": {
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Groups",
-          "description": "Groups that are allowed by AKS Guardrails to make changes on kubernetes object."
+          "description": "Groups that are allowed by AKS Safeguards to make changes on kubernetes object."
         }
       },
       "cpuLimit": {

built-in-policies/policySetDefinitions/Kubernetes/AKS_Guardrails.json → built-in-policies/policySetDefinitions/Kubernetes/AKS_Safeguards.json

@@ -1,14 +1,14 @@
 {
   "properties": {
-    "displayName": "[Preview]: AKS Guardrails should help guide developers towards AKS recommended best practices",
+    "displayName": "[Preview]: AKS Safeguards should help guide developers towards AKS recommended best practices",
     "policyType": "BuiltIn",
-    "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Guardrails to assign this policy initiative: https://aka.ms/aks/guardrails.",
+    "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Deployment Safeguards to assign this policy initiative: https://aka.ms/aks/safeguards. Azure Policy Add-On for AKS is a pre-requisite for applying these best practices to your clusters. For instructions on enabling the Azure Policy Add-On, go to aka.ms/akspolicydoc",
     "metadata": {
-      "version": "1.3.1-preview",
+      "version": "1.3.2-preview",
       "category": "Kubernetes",
       "preview": true
     },
-    "version": "1.3.1-preview",
+    "version": "1.3.2-preview",
     "parameters": {
       "effect": {
         "type": "String",
@@ -39,14 +39,14 @@
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Users",
-          "description": "Users that are allowed by AKS Guardrails to make changes on kubernetes object."
+          "description": "Users that are allowed by AKS Safeguards to make changes on kubernetes object."
         }
       },
       "allowedGroups": {
         "type": "Array",
         "metadata": {
           "displayName": "Allowed Groups",
-          "description": "Groups that are allowed by AKS Guardrails to make changes on kubernetes object."
+          "description": "Groups that are allowed by AKS Safeguards to make changes on kubernetes object."
         }
       },
       "cpuLimit": {

built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json

@@ -4,10 +4,10 @@
     "policyType": "BuiltIn",
     "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative",
     "metadata": {
-      "version": "16.2.0",
+      "version": "16.3.0",
       "category": "Regulatory Compliance"
     },
-    "version": "16.2.0",
+    "version": "16.3.0",
     "policyDefinitionGroups": [
       {
         "name": "CIS_Azure_1.1.0_1.1",
@@ -572,8 +572,8 @@
         ]
       },
       {
-        "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+        "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
         "definitionVersion": "1.*.*",
         "parameters": {},
         "groupNames": [

built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json

@@ -4,10 +4,10 @@
     "policyType": "BuiltIn",
     "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative",
     "metadata": {
-      "version": "8.4.0",
+      "version": "8.5.0",
       "category": "Regulatory Compliance"
     },
-    "version": "8.4.0",
+    "version": "8.5.0",
     "policyDefinitionGroups": [
       {
         "name": "CIS_Azure_1.3.0_1.1",
@@ -668,13 +668,26 @@
       },
       "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
         "type": "String",
-        "defaultValue": "AuditIfNotExists",
+        "defaultValue": "Disabled",
         "allowedValues": [
           "AuditIfNotExists",
           "Disabled"
         ],
         "metadata": {
           "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+          "description": "For more information about effects, visit https://aka.ms/policyeffects",
+          "deprecated": true
+        }
+      },
+      "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+        "type": "String",
+        "defaultValue": "AuditIfNotExists",
+        "allowedValues": [
+          "AuditIfNotExists",
+          "Disabled"
+        ],
+        "metadata": {
+          "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
           "description": "For more information about effects, visit https://aka.ms/policyeffects"
         }
       },
@@ -2068,12 +2081,12 @@
         ]
       },
       {
-        "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+        "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
         "definitionVersion": "1.*.*",
         "parameters": {
           "effect": {
-            "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+            "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
           }
         },
         "groupNames": [

built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json

@@ -4,10 +4,10 @@
     "policyType": "BuiltIn",
     "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.4.0 controls. For more information, visit https://aka.ms/cisazure140-initiative",
     "metadata": {
-      "version": "1.5.1",
+      "version": "1.6.0",
       "category": "Regulatory Compliance"
     },
-    "version": "1.5.1",
+    "version": "1.6.0",
     "policyDefinitionGroups": [
       {
         "name": "CIS_Azure_1.4.0_1.1",
@@ -671,13 +671,26 @@
       },
       "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
         "type": "String",
-        "defaultValue": "AuditIfNotExists",
+        "defaultValue": "Disabled",
         "allowedValues": [
           "AuditIfNotExists",
           "Disabled"
         ],
         "metadata": {
           "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+          "description": "For more information about effects, visit https://aka.ms/policyeffects",
+          "deprecated": true
+        }
+      },
+      "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+        "type": "String",
+        "defaultValue": "AuditIfNotExists",
+        "allowedValues": [
+          "AuditIfNotExists",
+          "Disabled"
+        ],
+        "metadata": {
+          "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
           "description": "For more information about effects, visit https://aka.ms/policyeffects"
         }
       },
@@ -2410,12 +2423,12 @@
         ]
       },
       {
-        "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+        "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
         "definitionVersion": "1.*.*",
         "parameters": {
           "effect": {
-            "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+            "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
           }
         },
         "groupNames": [

built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json

@@ -4,10 +4,10 @@
     "policyType": "BuiltIn",
     "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v2.0.0 controls. For more information, visit https://aka.ms/cisazure200-initiative",
     "metadata": {
-      "version": "1.0.0",
+      "version": "1.1.0",
       "category": "Regulatory Compliance"
     },
-    "version": "1.0.0",
+    "version": "1.1.0",
     "policyDefinitionGroups": [
       {
         "name": "CIS_Azure_2.0.0_1.1.1",
@@ -773,13 +773,26 @@
       },
       "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
         "type": "String",
-        "defaultValue": "AuditIfNotExists",
+        "defaultValue": "Disabled",
         "allowedValues": [
           "AuditIfNotExists",
           "Disabled"
         ],
         "metadata": {
           "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+          "description": "For more information about effects, visit https://aka.ms/policyeffects",
+          "deprecated": true
+        }
+      },
+      "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+        "type": "String",
+        "defaultValue": "AuditIfNotExists",
+        "allowedValues": [
+          "AuditIfNotExists",
+          "Disabled"
+        ],
+        "metadata": {
+          "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
           "description": "For more information about effects, visit https://aka.ms/policyeffects"
         }
       },
@@ -2863,12 +2876,12 @@
         ]
       },
       {
-        "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+        "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
         "definitionVersion": "1.*.*",
         "parameters": {
           "effect": {
-            "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+            "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
           }
         },
         "groupNames": [

built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json

@@ -4,11 +4,11 @@
     "policyType": "BuiltIn",
     "description": "This initiative includes policies that address a subset of CMMC 2.0 Level 2 practices. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc2l2-initiative.",
     "metadata": {
-      "version": "2.5.1-preview",
+      "version": "2.6.0-preview",
       "category": "Regulatory Compliance",
       "preview": true
     },
-    "version": "2.5.1-preview",
+    "version": "2.6.0-preview",
     "policyDefinitionGroups": [
       {
         "name": "CMMC_2.0_L2_AC.L1-3.1.1",
@@ -3356,9 +3356,9 @@
         ]
       },
       {
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
         "definitionVersion": "1.*.*",
-        "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+        "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
         "parameters": {},
         "groupNames": [
           "CMMC_2.0_L2_SI.L1-3.14.1",