From 9623fb51b66d6feb931f86effdc11d8188d1e72d Mon Sep 17 00:00:00 2001 
From: Azure Policy Bot Date: Thu, 7 Dec 2023 02:13:17 +0000 Subject: [PATCH] Built-in Policy Release cbf95f4c --- ...es.json => CannotEditIndividualNodes.json} | 8 +++--- ...json => MustHaveAntiAffinityRulesSet.json} | 0 ...icLabels.json => NoAKSSpecificLabels.json} | 0 ...nts.json => ReservedSystemPoolTaints.json} | 0 ...es.json => CannotEditIndividualNodes.json} | 8 +++--- ...json => MustHaveAntiAffinityRulesSet.json} | 0 ...icLabels.json => NoAKSSpecificLabels.json} | 0 ...nts.json => ReservedSystemPoolTaints.json} | 0 ...reatProtectionOnStorageAccounts_Audit.json | 11 ++++---- ...KS_Guardrails.json => AKS_Safeguards.json} | 12 ++++----- ...KS_Guardrails.json => AKS_Safeguards.json} | 12 ++++----- .../Regulatory Compliance/CISv1_1_0.json | 8 +++--- .../Regulatory Compliance/CISv1_3_0.json | 25 ++++++++++++----- .../Regulatory Compliance/CISv1_4_0.json | 25 ++++++++++++----- .../Regulatory Compliance/CISv2_0_0.json | 25 ++++++++++++----- .../Regulatory Compliance/CMMC_2_0_L2.json | 8 +++--- .../Regulatory Compliance/CMMC_L3.json | 25 ++++++++++++----- .../FedRAMP_H_audit.json | 8 +++--- .../FedRAMP_M_audit.json | 8 +++--- .../NIST_SP_800-171_R2.json | 8 +++--- .../NIST_SP_800-53_R4.json | 8 +++--- .../NIST_SP_800-53_R5.json | 8 +++--- .../NL_BIO_Cloud_Theme.json | 25 ++++++++++++----- .../NZ_ISM_Restricted_v3_5.json | 8 +++--- .../RBI_ITF_Banks_v2016.json | 8 +++--- .../RBI_ITF_NBFC_v2017.json | 8 +++--- .../Regulatory Compliance/RMIT_Malaysia.json | 8 +++--- .../Regulatory Compliance/SOC_2.json | 25 ++++++++++++----- .../SWIFT_CSP-CSCF_v2021.json | 8 +++--- .../SWIFT_CSP-CSCF_v2022.json | 8 +++--- .../Regulatory Compliance/asb_v2.json | 27 ++++--------------- .../Regulatory Compliance/nz_ism.json | 25 ++++++++++++----- .../Security Center/AzureSecurityCenter.json | 24 +++-------------- 33 files changed, 220 insertions(+), 161 deletions(-) rename built-in-policies/policyDefinitions/Azure Government/Kubernetes/{AKS_GuardrailsCannotEditIndividualNodes.json => 
CannotEditIndividualNodes.json} (94%)
rename built-in-policies/policyDefinitions/Azure Government/Kubernetes/{AKS_GuardrailsMustHaveAntiAffinityRulesSet.json => MustHaveAntiAffinityRulesSet.json} (100%)
rename built-in-policies/policyDefinitions/Azure Government/Kubernetes/{AKS_GuardrailsNoAKSSpecificLabels.json => NoAKSSpecificLabels.json} (100%)
rename built-in-policies/policyDefinitions/Azure Government/Kubernetes/{AKS_GuardrailsReservedSystemPoolTaints.json => ReservedSystemPoolTaints.json} (100%)
rename built-in-policies/policyDefinitions/Kubernetes/{AKS_GuardrailsCannotEditIndividualNodes.json => CannotEditIndividualNodes.json} (94%)
rename built-in-policies/policyDefinitions/Kubernetes/{AKS_GuardrailsMustHaveAntiAffinityRulesSet.json => MustHaveAntiAffinityRulesSet.json} (100%)
rename built-in-policies/policyDefinitions/Kubernetes/{AKS_GuardrailsNoAKSSpecificLabels.json => NoAKSSpecificLabels.json} (100%)
rename built-in-policies/policyDefinitions/Kubernetes/{AKS_GuardrailsReservedSystemPoolTaints.json => ReservedSystemPoolTaints.json} (100%)
rename built-in-policies/policySetDefinitions/Azure Government/Kubernetes/{AKS_Guardrails.json => AKS_Safeguards.json} (94%)
rename built-in-policies/policySetDefinitions/Kubernetes/{AKS_Guardrails.json => AKS_Safeguards.json} (94%)
diff --git a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/CannotEditIndividualNodes.json
similarity index 94%
rename from built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json
rename to built-in-policies/policyDefinitions/Azure Government/Kubernetes/CannotEditIndividualNodes.json
index 892c1ed00..2faceeea4 100644
--- a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json
+++ b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/CannotEditIndividualNodes.json
@@ -5,11 +5,11 @@
 "mode": "Microsoft.Kubernetes.Data",
 "description": "Cannot Edit Individual Nodes. Users should not edit individual nodes. Please edit node pools.",
 "metadata": {
- "version": "1.0.1-preview",
+ "version": "1.0.2-preview",
 "category": "Kubernetes",
 "preview": true
 },
- "version": "1.0.1-preview",
+ "version": "1.0.2-preview",
 "parameters": {
 "effect": {
 "type": "String",
@@ -107,14 +107,14 @@
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Users",
- "description": "Users that are allowed by AKS Guardrails to modify node labels on individual nodes."
+ "description": "Users that are allowed by AKS Safeguards to modify node labels on individual nodes."
 }
 },
 "allowedGroups": {
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Groups",
- "description": "Groups that are allowed by AKS Guardrails to modify node labels on individual nodes."
+ "description": "Groups that are allowed by AKS Safeguards to modify node labels on individual nodes."
 }
 }
 },
diff --git a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsMustHaveAntiAffinityRulesSet.json b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/MustHaveAntiAffinityRulesSet.json
similarity index 100%
rename from built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsMustHaveAntiAffinityRulesSet.json
rename to built-in-policies/policyDefinitions/Azure Government/Kubernetes/MustHaveAntiAffinityRulesSet.json
diff --git a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsNoAKSSpecificLabels.json b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/NoAKSSpecificLabels.json
similarity index 100%
rename from built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsNoAKSSpecificLabels.json
rename to built-in-policies/policyDefinitions/Azure Government/Kubernetes/NoAKSSpecificLabels.json
diff --git a/built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsReservedSystemPoolTaints.json b/built-in-policies/policyDefinitions/Azure Government/Kubernetes/ReservedSystemPoolTaints.json
similarity index 100%
rename from built-in-policies/policyDefinitions/Azure Government/Kubernetes/AKS_GuardrailsReservedSystemPoolTaints.json
rename to built-in-policies/policyDefinitions/Azure Government/Kubernetes/ReservedSystemPoolTaints.json
diff --git a/built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json b/built-in-policies/policyDefinitions/Kubernetes/CannotEditIndividualNodes.json
similarity index 94%
rename from built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json
rename to built-in-policies/policyDefinitions/Kubernetes/CannotEditIndividualNodes.json
index 86dbf1927..006fb66c9 100644
--- a/built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsCannotEditIndividualNodes.json
+++ b/built-in-policies/policyDefinitions/Kubernetes/CannotEditIndividualNodes.json
@@ -5,11 +5,11 @@
 "mode": "Microsoft.Kubernetes.Data",
 "description": "Cannot Edit Individual Nodes. Users should not edit individual nodes. Please edit node pools.",
 "metadata": {
- "version": "1.0.1-preview",
+ "version": "1.0.2-preview",
 "category": "Kubernetes",
 "preview": true
 },
- "version": "1.0.1-preview",
+ "version": "1.0.2-preview",
 "parameters": {
 "effect": {
 "type": "String",
@@ -107,14 +107,14 @@
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Users",
- "description": "Users that are allowed by AKS Guardrails to modify node labels on individual nodes."
+ "description": "Users that are allowed by AKS Safeguards to modify node labels on individual nodes."
 }
 },
 "allowedGroups": {
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Groups",
- "description": "Groups that are allowed by AKS Guardrails to modify node labels on individual nodes."
+ "description": "Groups that are allowed by AKS Safeguards to modify node labels on individual nodes."
 }
 }
 },
diff --git a/built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsMustHaveAntiAffinityRulesSet.json b/built-in-policies/policyDefinitions/Kubernetes/MustHaveAntiAffinityRulesSet.json
similarity index 100%
rename from built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsMustHaveAntiAffinityRulesSet.json
rename to built-in-policies/policyDefinitions/Kubernetes/MustHaveAntiAffinityRulesSet.json
diff --git a/built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsNoAKSSpecificLabels.json b/built-in-policies/policyDefinitions/Kubernetes/NoAKSSpecificLabels.json
similarity index 100%
rename from built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsNoAKSSpecificLabels.json
rename to built-in-policies/policyDefinitions/Kubernetes/NoAKSSpecificLabels.json
diff --git a/built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsReservedSystemPoolTaints.json b/built-in-policies/policyDefinitions/Kubernetes/ReservedSystemPoolTaints.json
similarity index 100%
rename from built-in-policies/policyDefinitions/Kubernetes/AKS_GuardrailsReservedSystemPoolTaints.json
rename to built-in-policies/policyDefinitions/Kubernetes/ReservedSystemPoolTaints.json
diff --git a/built-in-policies/policyDefinitions/Security Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json b/built-in-policies/policyDefinitions/Security Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json
index 60d37b032..8db7f0c7c 100644
--- a/built-in-policies/policyDefinitions/Security Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json
+++ b/built-in-policies/policyDefinitions/Security Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json
@@ -1,18 +1,19 @@
 {
 "properties": {
- "displayName": "Microsoft Defender for Storage (Classic) should be enabled",
+ "displayName": "[Deprecated]: Microsoft Defender for Storage (Classic) should be enabled",
 "policyType": "BuiltIn",
 "mode": "All",
 "description": "Microsoft Defender for Storage (Classic) provides detections of unusual and potentially harmful attempts to access or exploit storage accounts.",
 "metadata": {
- "version": "1.0.4",
- "category": "Security Center"
+ "version": "1.1.0-deprecated",
+ "category": "Security Center",
+ "deprecated": true
 },
- "version": "1.0.4",
+ "version": "1.1.0",
 "parameters": {
 "effect": {
 "type": "string",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
diff --git a/built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Guardrails.json b/built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Safeguards.json
similarity index 94%
rename from built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Guardrails.json
rename to built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Safeguards.json
index 0c87efa01..def690322 100644
--- a/built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Guardrails.json
+++ b/built-in-policies/policySetDefinitions/Azure Government/Kubernetes/AKS_Safeguards.json
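Review bot: The deprecated definition flips `defaultValue` to `Disabled`, but its `description` still reads as a live control and names no successor, so an assignment that relies on the default effect stops reporting with nothing in the definition explaining why. Elsewhere in this commit the initiatives swap this policy for definition `640d2586-54d2-465f-877f-9ffc1d2109f4`; I would append a sentence to the description such as `This policy is deprecated; use 'Microsoft Defender for Storage should be enabled' (640d2586-54d2-465f-877f-9ffc1d2109f4) instead.` Also confirm that `metadata.version` (`1.1.0-deprecated`) and the top-level `version` (`1.1.0`) are meant to differ, since the preview policies in this commit keep the two identical. The `allowedValues` array and the rest of the definition continue outside the hunk.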
@@ -1,14 +1,14 @@
 {
 "properties": {
- "displayName": "[Preview]: AKS Guardrails should help guide developers towards AKS recommended best practices",
+ "displayName": "[Preview]: AKS Safeguards should help guide developers towards AKS recommended best practices",
 "policyType": "BuiltIn",
- "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Guardrails to assign this policy initiative: https://aka.ms/aks/guardrails.",
+ "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Deployment Safeguards to assign this policy initiative: https://aka.ms/aks/safeguards. Azure Policy Add-On for AKS is a pre-requisite for applying these best practices to your clusters. For instructions on enabling the Azure Policy Add-On, go to aka.ms/akspolicydoc",
 "metadata": {
- "version": "1.3.1-preview",
+ "version": "1.3.2-preview",
 "category": "Kubernetes",
 "preview": true
 },
- "version": "1.3.1-preview",
+ "version": "1.3.2-preview",
 "parameters": {
 "effect": {
 "type": "String",
@@ -39,14 +39,14 @@
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Users",
- "description": "Users that are allowed by AKS Guardrails to make changes on kubernetes object."
+ "description": "Users that are allowed by AKS Safeguards to make changes on kubernetes object."
 }
 },
 "allowedGroups": {
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Groups",
- "description": "Groups that are allowed by AKS Guardrails to make changes on kubernetes object."
+ "description": "Groups that are allowed by AKS Safeguards to make changes on kubernetes object."
 }
 },
 "cpuLimit": {
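Review bot: In the new `description`, the add-on link is written as bare `aka.ms/akspolicydoc` with no scheme and no closing period, while the link earlier in the same string is `https://aka.ms/aks/safeguards.`; a scheme-less address may not be rendered as a link and leaves the transport unstated. I would end the string with `go to https://aka.ms/akspolicydoc.` The same text is repeated in the public-cloud copy of `AKS_Safeguards.json` later in this patch.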
diff --git a/built-in-policies/policySetDefinitions/Kubernetes/AKS_Guardrails.json b/built-in-policies/policySetDefinitions/Kubernetes/AKS_Safeguards.json
similarity index 94%
rename from built-in-policies/policySetDefinitions/Kubernetes/AKS_Guardrails.json
rename to built-in-policies/policySetDefinitions/Kubernetes/AKS_Safeguards.json
index 0f4229905..8fc7efd5e 100644
--- a/built-in-policies/policySetDefinitions/Kubernetes/AKS_Guardrails.json
+++ b/built-in-policies/policySetDefinitions/Kubernetes/AKS_Safeguards.json
@@ -1,14 +1,14 @@
 {
 "properties": {
- "displayName": "[Preview]: AKS Guardrails should help guide developers towards AKS recommended best practices",
+ "displayName": "[Preview]: AKS Safeguards should help guide developers towards AKS recommended best practices",
 "policyType": "BuiltIn",
- "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Guardrails to assign this policy initiative: https://aka.ms/aks/guardrails.",
+ "description": "A collection of Kubernetes best practices that are recommended by Azure Kubernetes Service (AKS). For the best experience, use AKS Deployment Safeguards to assign this policy initiative: https://aka.ms/aks/safeguards. Azure Policy Add-On for AKS is a pre-requisite for applying these best practices to your clusters. For instructions on enabling the Azure Policy Add-On, go to aka.ms/akspolicydoc",
 "metadata": {
- "version": "1.3.1-preview",
+ "version": "1.3.2-preview",
 "category": "Kubernetes",
 "preview": true
 },
- "version": "1.3.1-preview",
+ "version": "1.3.2-preview",
 "parameters": {
 "effect": {
 "type": "String",
@@ -39,14 +39,14 @@
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Users",
- "description": "Users that are allowed by AKS Guardrails to make changes on kubernetes object."
+ "description": "Users that are allowed by AKS Safeguards to make changes on kubernetes object."
 }
 },
 "allowedGroups": {
 "type": "Array",
 "metadata": {
 "displayName": "Allowed Groups",
- "description": "Groups that are allowed by AKS Guardrails to make changes on kubernetes object."
+ "description": "Groups that are allowed by AKS Safeguards to make changes on kubernetes object."
 }
 },
 "cpuLimit": {
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json
index bdec3b72c..84d4767ed 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_1_0.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.1.0 controls. For more information, visit https://aka.ms/cisazure110-initiative",
 "metadata": {
- "version": "16.2.0",
+ "version": "16.3.0",
 "category": "Regulatory Compliance"
 },
- "version": "16.2.0",
+ "version": "16.3.0",
 "policyDefinitionGroups": [
 {
 "name": "CIS_Azure_1.1.0_1.1",
@@ -572,8 +572,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json
index 0e791cc70..1f1d64902 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative",
 "metadata": {
- "version": "8.4.0",
+ "version": "8.5.0",
 "category": "Regulatory Compliance"
 },
- "version": "8.4.0",
+ "version": "8.5.0",
 "policyDefinitionGroups": [
 {
 "name": "CIS_Azure_1.3.0_1.1",
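Review bot: The reference at `@@ -572` now targets `640d2586-54d2-465f-877f-9ffc1d2109f4` but keeps `"definitionVersion": "1.*.*"` from the old entry; that pin is only right if the replacement definition is also on major version 1, which this patch does not show, so please confirm. With `"parameters": {}` the initiative also exposes no effect parameter for the new policy, so an assigner cannot switch this one control off without an exemption — presumably intentional, as the old entry was the same. The same swap, with the same carried-over pin, appears in CMMC_2_0_L2, FedRAMP_H_audit, FedRAMP_M_audit, NIST_SP_800-171_R2, NIST_SP_800-53_R4 and NIST_SP_800-53_R5. The enclosing reference object's `groupNames` array continues outside the hunk.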
@@ -668,13 +668,26 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
+ }
+ },
+ "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+ "type": "String",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "metadata": {
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
 "description": "For more information about effects, visit https://aka.ms/policyeffects"
 }
 },
@@ -2068,12 +2081,12 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {
 "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+ "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
 }
 },
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json
index a3815d445..5f462104f 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_4_0.json
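Review bot: The retained parameter `effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa` is marked `"deprecated": true`, but within the visible hunks nothing references it any more, and a value an assignment set on it (for example `Disabled`) does not carry over to `effect-640d2586-54d2-465f-877f-9ffc1d2109f4`, which defaults to `AuditIfNotExists`. Its `displayName` still reads like a live setting; I would make it `"displayName": "[Deprecated]: Effect for policy: Azure Defender for Storage should be enabled"` and say in the `description` that the parameter is unused and which parameter replaces it. The same pattern is in CISv1_4_0, CISv2_0_0 and CMMC_L3.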
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.4.0 controls. For more information, visit https://aka.ms/cisazure140-initiative",
 "metadata": {
- "version": "1.5.1",
+ "version": "1.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "1.5.1",
+ "version": "1.6.0",
 "policyDefinitionGroups": [
 {
 "name": "CIS_Azure_1.4.0_1.1",
@@ -671,13 +671,26 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
+ }
+ },
+ "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+ "type": "String",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "metadata": {
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
 "description": "For more information about effects, visit https://aka.ms/policyeffects"
 }
 },
@@ -2410,12 +2423,12 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {
 "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+ "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
 }
 },
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json
index dc6825d0c..745a195f8 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CISv2_0_0.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v2.0.0 controls. For more information, visit https://aka.ms/cisazure200-initiative",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
 "category": "Regulatory Compliance"
 },
- "version": "1.0.0",
+ "version": "1.1.0",
 "policyDefinitionGroups": [
 {
 "name": "CIS_Azure_2.0.0_1.1.1",
@@ -773,13 +773,26 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
+ }
+ },
+ "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+ "type": "String",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "metadata": {
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
 "description": "For more information about effects, visit https://aka.ms/policyeffects"
 }
 },
@@ -2863,12 +2876,12 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {
 "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+ "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
 }
 },
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json
index 134564572..1a08d992e 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_2_0_L2.json
@@ -4,11 +4,11 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of CMMC 2.0 Level 2 practices. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc2l2-initiative.",
 "metadata": {
- "version": "2.5.1-preview",
+ "version": "2.6.0-preview",
 "category": "Regulatory Compliance",
 "preview": true
 },
- "version": "2.5.1-preview",
+ "version": "2.6.0-preview",
 "policyDefinitionGroups": [
 {
 "name": "CMMC_2.0_L2_AC.L1-3.1.1",
@@ -3356,9 +3356,9 @@
 ]
 },
 {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
 "parameters": {},
 "groupNames": [
 "CMMC_2.0_L2_SI.L1-3.14.1",
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json
index ddb30873a..43f67a0f2 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/CMMC_L3.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.",
 "metadata": {
- "version": "11.3.1",
+ "version": "11.4.0",
 "category": "Regulatory Compliance"
 },
- "version": "11.3.1",
+ "version": "11.4.0",
 "policyDefinitionGroups": [
 {
 "name": "CMMC_L3_AC.1.001",
@@ -2027,13 +2027,26 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
+ }
+ },
+ "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+ "type": "String",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "metadata": {
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
 "description": "For more information about effects, visit https://aka.ms/policyeffects"
 }
 },
@@ -4875,12 +4888,12 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {
 "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+ "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
 }
 },
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json
index fbed53a7e..a2615d6e1 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_H_audit.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "FedRAMP is a US government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (High) controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-fedramp",
 "metadata": {
- "version": "17.5.0",
+ "version": "17.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "17.5.0",
+ "version": "17.6.0",
 "policyDefinitionGroups": [
 {
 "name": "FedRAMP_High_R4_AC-1",
@@ -6074,8 +6074,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json
index 1b9f9368c..b3d7f0423 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/FedRAMP_M_audit.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "FedRAMP is a U.S. government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based products and services. FedRAMP defines a set of controls for Low, Moderate, or High security impact level systems based on NIST baseline controls. These policies address a subset of FedRAMP (Moderate) controls. Additional policies will be added in upcoming releases. For more information, visit https://www.fedramp.gov/documents-templates/",
 "metadata": {
- "version": "17.5.0",
+ "version": "17.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "17.5.0",
+ "version": "17.6.0",
 "policyDefinitionGroups": [
 {
 "name": "FedRAMP_Moderate_R4_AC-1",
@@ -5290,8 +5290,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json
index 2e9fcf23a..7a7fbf15f 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-171_R2.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "The US National Institute of Standards and Technology (NIST) promotes and maintains measurement standards and guidelines to help protect the information and information systems of federal agencies. In response to Executive Order 13556 on managing controlled unclassified information (CUI), it published NIST SP 800-171. These policies address a subset of NIST SP 800-171 Rev. 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-nist-800-171",
 "metadata": {
- "version": "15.5.0",
+ "version": "15.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "15.5.0",
+ "version": "15.6.0",
 "policyDefinitionGroups": [
 {
 "name": "NIST_SP_800-171_R2_3.1.1",
@@ -3606,8 +3606,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json
index a0b0757d1..217fb05a9 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R4.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "National Institute of Standards and Technology (NIST) SP 800-53 R4 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk.These policies address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r4-initiative",
 "metadata": {
- "version": "17.5.0",
+ "version": "17.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "17.5.0",
+ "version": "17.6.0",
 "policyDefinitionGroups": [
 {
 "name": "NIST_SP_800-53_R4_AC-1",
@@ -5440,8 +5440,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json
index a7e0e5f14..162979c9d 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NIST_SP_800-53_R5.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "National Institute of Standards and Technology (NIST) SP 800-53 Rev. 5 provides a standardized approach for assessing, monitoring and authorizing cloud computing products and services to manage information security risk. These policies address a subset of NIST SP 800-53 R5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800-53r5-initiative",
 "metadata": {
- "version": "14.5.0",
+ "version": "14.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "14.5.0",
+ "version": "14.6.0",
 "policyDefinitionGroups": [
 {
 "name": "NIST_SP_800-53_R5_AC-1",
@@ -7868,8 +7868,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json
index cce4ab90f..1873ae173 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NL_BIO_Cloud_Theme.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address the Dutch Baseline Informatiebeveiliging (BIO) controls specifically for the 'thema-uitwerking Clouddiensten' and include policies covered under the SOC2 and ISO 27001:2013 controls.",
 "metadata": {
- "version": "1.0.0",
+ "version": "1.1.0",
 "category": "Regulatory Compliance"
 },
- "version": "1.0.0",
+ "version": "1.1.0",
 "policyDefinitionGroups": [
 {
 "name": "B.01 - Laws and regulations",
@@ -2779,13 +2779,26 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+ "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
+ }
+ },
+ "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+ "type": "String",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "metadata": {
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
 "description": "The effect determines what happens when the policy rule is evaluated to match; for more information about effects, visit https://aka.ms/policyeffects"
 }
 },
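Review bot: The deprecated `effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa` parameter in the second hunk keeps its old displayName and description, so nothing tells an operator that a value set on it is no longer honoured once the later hunk in this file moves the only visible consumer to `effect-640d2586-54d2-465f-877f-9ffc1d2109f4`. An assignment that had pinned the old parameter to `Disabled` will therefore start auditing under the new parameter's `AuditIfNotExists` default, which fails in the safe direction but will look like unexplained new findings. I would name the successor in the text, for example `"description": "Deprecated, no longer referenced; set effect-640d2586-54d2-465f-877f-9ffc1d2109f4 instead. For more information about effects, visit https://aka.ms/policyeffects"`. The same wording gap is in the matching parameter hunks of SOC_2.json and nz_ism.json.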
@@ -6658,12 +6671,12 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "AzureDefenderForStorageShouldBeEnabled",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "MicrosoftDefenderForStorageShouldBeEnabled",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {
 "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+ "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
 }
 },
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json
index e530f77f2..0542298fe 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/NZ_ISM_Restricted_v3_5.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of New Zealand Information Security Manual v3.5 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative. ",
 "metadata": {
- "version": "2.5.1",
+ "version": "2.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "2.5.1",
+ "version": "2.6.0",
 "policyDefinitionGroups": [
 {
 "name": "NZ_ISM_v3.5_AC-1",
@@ -2538,9 +2538,9 @@
 ]
 },
 {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
 "parameters": {},
 "groupNames": [
 "NZ_ISM_v3.5_ISI-2"
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json
index 7dffbb2a5..cb82fb2b3 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_Banks_v2016.json
@@ -4,11 +4,11 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of Reserve Bank of India IT Framework for Banks controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/rbiitfbanks-initiative.",
 "metadata": {
- "version": "1.5.0-preview",
+ "version": "1.6.0-preview",
 "category": "Regulatory Compliance",
 "preview": true
 },
- "version": "1.5.0-preview",
+ "version": "1.6.0-preview",
 "policyDefinitionGroups": [
 {
 "name": "RBI_CSF_Banks_v2016_9.1",
@@ -862,9 +862,9 @@
 ]
 },
 {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
 "parameters": {},
 "groupNames": [
 "RBI_CSF_Banks_v2016_4.9",
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json
index 0e19d25d2..52f024c59 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RBI_ITF_NBFC_v2017.json
@@ -4,11 +4,11 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of Reserve Bank of India IT Framework for Non-Banking Financial Companies (NBFC) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/rbiitfnbfc-initiative.",
 "metadata": {
- "version": "2.4.1-preview",
+ "version": "2.5.0-preview",
 "category": "Regulatory Compliance",
 "preview": true
 },
- "version": "2.4.1-preview",
+ "version": "2.5.0-preview",
 "policyDefinitionGroups": [
 {
 "name": "RBI_ITF_NBFC_v2017_6",
@@ -1625,9 +1625,9 @@
 ]
 },
 {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
 "parameters": {},
 "groupNames": [
 "RBI_ITF_NBFC_v2017_3",
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json
index 62035a399..378454f4c 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/RMIT_Malaysia.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of RMIT requirements. Additional policies will be added in upcoming releases. For more information, visit aka.ms/rmit-initiative.",
 "metadata": {
- "version": "9.4.0",
+ "version": "9.5.0",
 "category": "Regulatory Compliance"
 },
- "version": "9.4.0",
+ "version": "9.5.0",
 "policyDefinitionGroups": [
 {
 "name": "RMiT_v1.0_10.1",
@@ -3951,8 +3951,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json
index 83bd9ea99..944dee3b6 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2",
 "metadata": {
- "version": "1.4.0",
+ "version": "1.5.0",
 "category": "Regulatory Compliance"
 },
- "version": "1.4.0",
+ "version": "1.5.0",
 "policyDefinitionGroups": [
 {
 "name": "SOC_2_A1.1",
@@ -2841,13 +2841,26 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
+ }
+ },
+ "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+ "type": "String",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "metadata": {
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
 "description": "For more information about effects, visit https://aka.ms/policyeffects"
 }
 },
@@ -6322,12 +6335,12 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {
 "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+ "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
 }
 },
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json
index 0aa3f17d2..46c58a02a 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2021.json
@@ -4,11 +4,11 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of the SWIFT Customer Security Program's Customer Security Controls Framework v2021 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift2021-init.",
 "metadata": {
- "version": "4.4.0-preview",
+ "version": "4.5.0-preview",
 "category": "Regulatory Compliance",
 "preview": true
 },
- "version": "4.4.0-preview",
+ "version": "4.5.0-preview",
 "policyDefinitionGroups": [
 {
 "name": "SWIFT_CSCF_v2021_1.1",
@@ -820,9 +820,9 @@
 ]
 },
 {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
 "parameters": {},
 "groupNames": [
 "SWIFT_CSCF_v2021_2.7",
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json
index 764e452c7..71c1c0123 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/SWIFT_CSP-CSCF_v2022.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "SWIFT's Customer Security Programme (CSP) helps financial institutions ensure their defences against cyberattacks are up to date and effective, to protect the integrity of the wider financial network. Users compare the security measures they have implemented with those detailed in the Customer Security Controls Framework (CSCF). These policies address a subset of SWIFT controls. For more information, visit https://docs.microsoft.com/azure/governance/policy/samples/swift-cscf-v2021",
 "metadata": {
- "version": "2.2.0",
+ "version": "2.3.0",
 "category": "Regulatory Compliance"
 },
- "version": "2.2.0",
+ "version": "2.3.0",
 "policyDefinitionGroups": [
 {
 "name": "SWIFT_CSCF_v2022_1.1",
@@ -1866,8 +1866,8 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {},
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json
index 118c4ce85..ebeeabfb4 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/asb_v2.json
@@ -4,11 +4,11 @@
 "policyType": "BuiltIn",
 "description": "This initiative has been deprecated. The Azure Security Benchmark v2 policy set is now represented in the consolidated Azure Security Benchmark initiative, which also serves as the Azure Security Center default policy initiative. Please assign that initiative, or manage its policies and compliance results within Azure Security Center",
 "metadata": {
- "version": "11.3.1-deprecated",
+ "version": "11.4.0-deprecated",
 "deprecated": true,
 "category": "Regulatory Compliance"
 },
- "version": "11.3.1",
+ "version": "11.4.0",
 "policyDefinitionGroups": [
 {
 "name": "Azure_Security_Benchmark_v2.0_NS-1",
@@ -1151,14 +1151,15 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
- "description": "For more information about effects, visit https://aka.ms/policyeffects"
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
 }
 },
 "effect-6581d072-105e-4418-827f-bd446d56421b": {
@@ -3890,24 +3891,6 @@
 "Azure_Security_Benchmark_v2.0_DP-2"
 ]
 },
- {
- "policyDefinitionReferenceId": "azureDefenderForStorageShouldBeEnabled",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "definitionVersion": "1.*.*",
- "parameters": {
- "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v2.0_DP-2",
- "Azure_Security_Benchmark_v2.0_DP-3",
- "Azure_Security_Benchmark_v2.0_LT-1",
- "Azure_Security_Benchmark_v2.0_LT-2",
- "Azure_Security_Benchmark_v2.0_IR-3",
- "Azure_Security_Benchmark_v2.0_IR-5"
- ]
- },
 {
 "policyDefinitionReferenceId": "azureDefenderForSQLServersOnMachinesShouldBeEnabled",
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6581d072-105e-4418-827f-bd446d56421b",
diff --git a/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json b/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json
index d0391abd6..01cf485c3 100644
--- a/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json
+++ b/built-in-policies/policySetDefinitions/Regulatory Compliance/nz_ism.json
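Review bot: The second asb_v2.json hunk deletes the `azureDefenderForStorageShouldBeEnabled` reference outright instead of re-pointing it, and no hunk in this file adds a reference to `640d2586-54d2-465f-877f-9ffc1d2109f4`, so unless that definition is already referenced elsewhere in the file the initiative stops evaluating Defender for Storage under DP-2, DP-3, LT-1, LT-2, IR-3 and IR-5. That matters little for this already-deprecated initiative, but AzureSecurityCenter.json further down removes its `storageAccountsAdvancedDataSecurityMonitoringEffect` reference the same way, and its description says it also serves as the Microsoft Defender for Cloud default policy initiative. Please confirm the replacement definition is present in both files before release. In the first hunk the orphaned `effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa` parameter should also say that it no longer controls anything, for example `"description": "Deprecated: this parameter is no longer used by the initiative."`; the same applies to the AzureSecurityCenter.json parameter, whose description still reads `Enable or disable Azure Defender for storage`.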
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "This initiative includes policies that address a subset of New Zealand Information Security Manual controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nzism-initiative.",
 "metadata": {
- "version": "11.5.0",
+ "version": "11.6.0",
 "category": "Regulatory Compliance"
 },
- "version": "11.5.0",
+ "version": "11.6.0",
 "policyDefinitionGroups": [
 {
 "name": "NZISM_Security_Benchmark_v1.1_AC-1",
@@ -1942,13 +1942,26 @@
 },
 "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa": {
 "type": "String",
- "defaultValue": "AuditIfNotExists",
+ "defaultValue": "Disabled",
 "allowedValues": [
 "AuditIfNotExists",
 "Disabled"
 ],
 "metadata": {
 "displayName": "Effect for policy: Azure Defender for Storage should be enabled",
+ "description": "For more information about effects, visit https://aka.ms/policyeffects",
+ "deprecated": true
+ }
+ },
+ "effect-640d2586-54d2-465f-877f-9ffc1d2109f4": {
+ "type": "String",
+ "defaultValue": "AuditIfNotExists",
+ "allowedValues": [
+ "AuditIfNotExists",
+ "Disabled"
+ ],
+ "metadata": {
+ "displayName": "Effect for policy: Microsoft Defender for Storage should be enabled",
 "description": "For more information about effects, visit https://aka.ms/policyeffects"
 }
 },
@@ -3883,12 +3896,12 @@
 ]
 },
 {
- "policyDefinitionReferenceId": "308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
+ "policyDefinitionReferenceId": "640d2586-54d2-465f-877f-9ffc1d2109f4",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/640d2586-54d2-465f-877f-9ffc1d2109f4",
 "definitionVersion": "1.*.*",
 "parameters": {
 "effect": {
- "value": "[parameters('effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa')]"
+ "value": "[parameters('effect-640d2586-54d2-465f-877f-9ffc1d2109f4')]"
 }
 },
 "groupNames": [
diff --git a/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json b/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json
index 45b1e2ecb..3f2a139d0 100644
--- a/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json
+++ b/built-in-policies/policySetDefinitions/Security Center/AzureSecurityCenter.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "description": "The Microsoft cloud security benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft cloud security benchmark, see https://aka.ms/azsecbm. This also serves as the Microsoft Defender for Cloud default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Microsoft Defender for Cloud.",
 "metadata": {
- "version": "57.24.0",
+ "version": "57.25.0",
 "category": "Security Center"
 },
- "version": "57.24.0",
+ "version": "57.25.0",
 "policyDefinitionGroups": [
 {
 "name": "Azure_Security_Benchmark_v3.0_NS-1",
@@ -2498,7 +2498,8 @@
 ],
 "metadata": {
 "displayName": "Azure Defender for Storage should be enabled",
- "description": "Enable or disable Azure Defender for storage"
+ "description": "Enable or disable Azure Defender for storage",
+ "deprecated": true
 }
 },
 "appServicesAdvancedThreatProtectionMonitoringEffect": {
@@ -6811,23 +6812,6 @@
 "Azure_Security_Benchmark_v3.0_IR-5"
 ]
 },
- {
- "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/308fbb08-4ab8-4e67-9b29-592e93fb94fa",
- "definitionVersion": "1.*.*",
- "policyDefinitionReferenceId": "storageAccountsAdvancedDataSecurityMonitoringEffect",
- "parameters": {
- "effect": {
- "value": "[parameters('storageAccountsAdvancedDataSecurityMonitoringEffect')]"
- }
- },
- "groupNames": [
- "Azure_Security_Benchmark_v3.0_DP-2",
- "Azure_Security_Benchmark_v3.0_LT-1",
- "Azure_Security_Benchmark_v3.0_LT-2",
- "Azure_Security_Benchmark_v3.0_IR-3",
- "Azure_Security_Benchmark_v3.0_IR-5"
- ]
- },
 {
 "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2913021d-f2fd-4f3d-b958-22354e2bdbcb",
 "definitionVersion": "1.*.*",