Built-in Policy Release 905650cc

built-in-policies/policyDefinitions/Machine Learning/Workspace_CMKEnabled_Audit.json

@@ -5,10 +5,10 @@
     "mode": "Indexed",
     "description": "Manage encryption at rest of Azure Machine Learning workspace data with customer-managed keys. By default, customer data is encrypted with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at https://aka.ms/azureml-workspaces-cmk.",
     "metadata": {
-      "version": "1.0.3",
+      "version": "1.1.0",
       "category": "Machine Learning"
     },
-    "version": "1.0.3",
+    "version": "1.1.0",
     "parameters": {
       "effect": {
         "type": "String",
@@ -31,6 +31,12 @@
             "field": "type",
             "equals": "Microsoft.MachineLearningServices/workspaces"
           },
+          {
+            "not": {
+              "field": "kind",
+              "equals": "project"
+            }
+          },
           {
             "not": {
               "field": "Microsoft.MachineLearningServices/workspaces/encryption.status",
@@ -44,6 +50,7 @@
       }
     },
     "versions": [
+      "1.1.0",
       "1.0.3"
     ]
   },

built-in-policies/policySetDefinitions/Azure Government/Regulatory Compliance/CMMC_L3.json

@@ -4,10 +4,10 @@
     "policyType": "BuiltIn",
     "description": "This initiative includes policies that address a subset of Cybersecurity Maturity Model Certification (CMMC) Level 3 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cmmc-initiative.",
     "metadata": {
-      "version": "9.7.0",
+      "version": "9.8.0",
       "category": "Regulatory Compliance"
     },
-    "version": "9.7.0",
+    "version": "9.8.0",
     "policyDefinitionGroups": [
       {
         "name": "CMMC_L3_AC.1.001",
@@ -2594,21 +2594,6 @@
           "CMMC_L3_SC.3.185"
         ]
       },
-      {
-        "policyDefinitionReferenceId": "26a828e1-e88f-464e-bbb3-c134a282b9de",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/26a828e1-e88f-464e-bbb3-c134a282b9de",
-        "definitionVersion": "3.*.*",
-        "parameters": {
-          "effect": {
-            "value": "[parameters('effect-26a828e1-e88f-464e-bbb3-c134a282b9de')]"
-          }
-        },
-        "groupNames": [
-          "CMMC_L3_CA.2.158",
-          "CMMC_L3_CA.3.161",
-          "CMMC_L3_SI.1.211"
-        ]
-      },
       {
         "policyDefinitionReferenceId": "32133ab0-ee4b-4b44-98d6-042180979d50",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32133ab0-ee4b-4b44-98d6-042180979d50",
@@ -4228,6 +4213,7 @@
       }
     ],
     "versions": [
+      "9.8.0",
       "9.7.0",
       "9.6.0",
       "9.5.0",

built-in-policies/policySetDefinitions/Regulatory Compliance/CISv1_3_0.json

@@ -4,10 +4,10 @@
     "policyType": "BuiltIn",
     "description": "The Center for Internet Security (CIS) is a nonprofit entity whose mission is to 'identify, develop, validate, promote, and sustain best practice solutions for cyberdefense.' CIS benchmarks are configuration baselines and best practices for securely configuring a system. These policies address a subset of CIS Microsoft Azure Foundations Benchmark v1.3.0 controls. For more information, visit https://aka.ms/cisazure130-initiative",
     "metadata": {
-      "version": "8.9.0",
+      "version": "8.10.0",
       "category": "Regulatory Compliance"
     },
-    "version": "8.9.0",
+    "version": "8.10.0",
     "policyDefinitionGroups": [
       {
         "name": "CIS_Azure_1.3.0_1.1",
@@ -2838,19 +2838,6 @@
           "CIS_Azure_1.3.0_7.5"
         ]
       },
-      {
-        "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
-        "definitionVersion": "3.*.*",
-        "parameters": {
-          "effect": {
-            "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]"
-          }
-        },
-        "groupNames": [
-          "CIS_Azure_1.3.0_7.6"
-        ]
-      },
       {
         "policyDefinitionReferenceId": "152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
@@ -4253,6 +4240,7 @@
       }
     ],
     "versions": [
+      "8.10.0",
       "8.9.0",
       "8.8.0",
       "8.7.0",

built-in-policies/policySetDefinitions/Regulatory Compliance/NewZealand_ISM.json

@@ -5,9 +5,9 @@
     "description": "New Zealand Information Security Manual (ISM) policy initiative. This policy set includes definitions that have a Deny effect by default",
     "metadata": {
       "category": "Regulatory Compliance",
-      "version": "1.2.1"
+      "version": "1.3.0"
     },
-    "version": "1.2.1",
+    "version": "1.3.0",
     "policyDefinitionGroups": [
       {
         "additionalMetadataId": "/providers/Microsoft.PolicyInsights/policyMetadata/New_Zealand_ISM_06.2.5.C.01",
@@ -1239,15 +1239,6 @@
         "definitionVersion": "1.*.*",
         "parameters": {}
       },
-      {
-        "policyDefinitionReferenceId": "Endpoint protection health issues should be resolved on your machines",
-        "groupNames": [
-          "New_Zealand_ISM_14.1.9.C.01"
-        ],
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2",
-        "definitionVersion": "1.*.*",
-        "parameters": {}
-      },
       {
         "policyDefinitionReferenceId": "Guest Configuration extension should be installed on your machines",
         "groupNames": [
@@ -2804,6 +2795,7 @@
       }
     ],
     "versions": [
+      "1.3.0",
       "1.2.1",
       "1.2.0-PREVIEW",
       "1.1.0-PREVIEW",

built-in-policies/policySetDefinitions/Regulatory Compliance/SOC_2.json

@@ -4,10 +4,10 @@
     "policyType": "BuiltIn",
     "description": "A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2",
     "metadata": {
-      "version": "1.9.0",
+      "version": "1.10.0",
       "category": "Regulatory Compliance"
     },
-    "version": "1.9.0",
+    "version": "1.10.0",
     "policyDefinitionGroups": [
       {
         "name": "SOC_2_A1.1",
@@ -5896,19 +5896,6 @@
           "SOC_2_CC8.1"
         ]
       },
-      {
-        "policyDefinitionReferenceId": "af6cd1bd-1635-48cb-bde7-5b15693900b9",
-        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/af6cd1bd-1635-48cb-bde7-5b15693900b9",
-        "definitionVersion": "3.*.*",
-        "parameters": {
-          "effect": {
-            "value": "[parameters('effect-af6cd1bd-1635-48cb-bde7-5b15693900b9')]"
-          }
-        },
-        "groupNames": [
-          "SOC_2_CC6.8"
-        ]
-      },
       {
         "policyDefinitionReferenceId": "3d399cf3-8fc6-0efc-6ab0-1412f1198517",
         "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3d399cf3-8fc6-0efc-6ab0-1412f1198517",
@@ -6819,6 +6806,7 @@
       }
     ],
     "versions": [
+      "1.10.0",
       "1.9.0",
       "1.8.0",
       "1.7.0",