diff --git a/.github/scripts/Invoke-PolicyToBicep-China.ps1 b/.github/scripts/Invoke-PolicyToBicep-China.ps1
index 23de4545d..e8d5e77f4 100644
--- a/.github/scripts/Invoke-PolicyToBicep-China.ps1
+++ b/.github/scripts/Invoke-PolicyToBicep-China.ps1
@@ -1,136 +1,227 @@ <# SUMMARY: This PowerShell script helps with the authoring of the policy definiton module for Azure China by outputting information required for the variables within the module. -DESCRIPTION: This PowerShell script outputs the Name & Path to a Bicep strucutred .txt file named '_mc_policyDefinitionsBicepInput.txt' and '_mc_policySetDefinitionsBicepInput.txt' respectively. It also creates a parameters file for each of the policy set definitions. It also outputs the number of policies definition and set definition files to the console for easier reviewing as part of the PR process. -AUTHOR/S: faister, jtracey93 -VERSION: 1.1 +DESCRIPTION: This PowerShell script outputs the Name & Path to a Bicep structured .txt file named '_mc_policyDefinitionsBicepInput.txt' (defintionsTxtFileName) and '_mc_policySetDefinitionsBicepInput.txt' (defintionsSetTxtFileName) respectively. It also creates a parameters file for each of the policy set definitions. It also outputs the number of policy and policy set definition files to the console for easier reviewing as part of the PR process. 
+AUTHOR/S: faister, jtracey93, seseicht +VERSION: 2.0.0 #> +[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSReviewUnusedParameter", "", Justification = "False Positive")] + +[CmdletBinding(SupportsShouldProcess)] +param ( + [Parameter()] + [string] + $rootPath = "./infra-as-code/bicep/modules/policy", + [string] + $definitionsRoot = "definitions", + [string] + $definitionsPath = "lib/china/policy_definitions", + [string] + $definitionsLongPath = "$definitionsRoot/$definitionsPath", + [string] + $definitionsSetPath = "lib/china/policy_set_definitions", + [string] + $definitionsSetLongPath = "$definitionsRoot/$definitionsSetPath", + [string] + $assignmentsRoot = "assignments", + [string] + $assignmentsPath = "lib/china/policy_assignments", + [string] + $assignmentsLongPath = "$assignmentsRoot/$assignmentsPath", + [string] + $defintionsTxtFileName = "_mc_policyDefinitionsBicepInput.txt", + [string] + $defintionsSetTxtFileName = "_mc_policySetDefinitionsBicepInput.txt", + [string] + $assignmentsTxtFileName = "_mc_policyAssignmentsBicepInput.txt" +) + +#region Policy Definitions +function New-PolicyDefinitionsBicepInputTxtFile { + [CmdletBinding(SupportsShouldProcess)] + param() + + Write-Information "====> Creating/Emptying '$defintionsTxtFileName'" -InformationAction Continue + Set-Content -Path "$rootPath/$definitionsLongPath/$defintionsTxtFileName" -Value $null -Encoding "utf8" + + Write-Information "====> Looping Through Policy Definitions:" -InformationAction Continue + Get-ChildItem -Recurse -Path "$rootPath/$definitionsLongPath" -Filter "*.json" | ForEach-Object { + $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + + $policyDefinitionName = $policyDef.name + $fileName = $_.Name + + Write-Information "==> Adding '$policyDefinitionName' to '$PWD/$defintionsTxtFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$definitionsLongPath/$defintionsTxtFileName" -Encoding "utf8" -Value "{`r`n`tname: 
'$policyDefinitionName'`r`n`tlibDefinition: json(loadTextContent('$definitionsPath/$fileName'))`r`n}" + } -# Policy Definitions - -Write-Information "====> Creating/Emptying '_mc_policyDefinitionsBicepInput.txt' for Azure China" -InformationAction Continue -Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions/_mc_policyDefinitionsBicepInput.txt" -Value $null -Encoding "utf8" - -Write-Information "====> Looping Through Policy Definitions:" -InformationAction Continue -Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions" -Filter "*.json" | ForEach-Object { - $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 - - $policyDefinitionName = $policyDef.name - $fileName = $_.Name - - Write-Information "==> Adding '$policyDefinitionName' to '$PWD/_mc_policyDefinitionsBicepInput.txt'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions/_mc_policyDefinitionsBicepInput.txt" -Encoding "utf8" -Value "{`r`n`tname: '$policyDefinitionName'`r`n`tlibDefinition: json(loadTextContent('lib/china/policy_definitions/$fileName'))`r`n}" + $policyDefCount = Get-ChildItem -Recurse -Path "$rootPath/$definitionsLongPath" -Filter "*.json" | Measure-Object + $policyDefCountString = $policyDefCount.Count + Write-Information "====> Policy Definitions Total: $policyDefCountString" -InformationAction Continue } +#endregion -$policyDefCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions" -Filter "*.json" | Measure-Object -$policyDefCountString = $policyDefCount.Count -Write-Information "====> Policy Definitions Total: $policyDefCountString" -InformationAction Continue +#region Policy Set Definitions +function New-PolicySetDefinitionsBicepInputTxtFile { + [CmdletBinding(SupportsShouldProcess)] + param() -# Policy Set Definitions + Write-Information 
"====> Creating/Emptying '$defintionsSetTxtFileName'" -InformationAction Continue + Set-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Value $null -Encoding "utf8" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Value "var varCustomPolicySetDefinitionsArray = [" -Encoding "utf8" -Write-Information "====> Creating/Emptying '_mc_policySetDefinitionsBicepInput.txt'" -InformationAction Continue -Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt" -Value $null -Encoding "utf8" + Write-Information "====> Looping Through Policy Set/Initiative Definition:" -InformationAction Continue -Write-Information "====> Looping Through Policy Set/Initiative Definition:" -InformationAction Continue + $policySetDefParamVarList = @() -Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions" -Filter "*.json" -Exclude "*.parameters.json" | ForEach-Object { - $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + Get-ChildItem -Recurse -Path "$rootPath/$definitionsSetLongPath" -Filter "*.json" -Exclude "*.parameters.json" | ForEach-Object { + $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 - # Load child Policy Set/Initiative Definitions - $policyDefinitions = $policyDef.properties.policyDefinitions | Sort-Object -Property policyDefinitionReferenceId + # Load child Policy Set/Initiative Definitions + $policyDefinitions = $policyDef.properties.policyDefinitions | Sort-Object -Property policyDefinitionReferenceId - $policyDefinitionName = $policyDef.name - $fileName = $_.Name + $policyDefinitionName = $policyDef.name + $fileName = $_.Name - # Construct file name for Policy Set/Initiative Definitions parameters files - $parametersFileName = $fileName.Substring(0, $fileName.Length - 5) + ".parameters.json" + # Construct file name for Policy Set/Initiative 
Definitions parameters files + $parametersFileName = $fileName.Substring(0, $fileName.Length - 5) + ".parameters.json" - # Create Policy Set/Initiative Definitions parameter file - Write-Information "==> Creating/Emptying '$parametersFileName'" -InformationAction Continue - Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/$parametersFileName" -Value $null -Encoding "utf8" + # Create Policy Set/Initiative Definitions parameter file + Write-Information "==> Creating/Emptying '$parametersFileName'" -InformationAction Continue + Set-Content -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" -Value $null -Encoding "utf8" - # Loop through all Policy Set/Initiative Definitions Child Definitions and create parameters file for each of them - [System.Collections.Hashtable]$definitionParametersOutputJSONObject = [ordered]@{} - $policyDefinitions | Sort-Object | ForEach-Object { - $definitionReferenceId = $_.policyDefinitionReferenceId - $definitionParameters = $_.parameters - - $definitionParameters | Sort-Object | ForEach-Object { - [System.Collections.Hashtable]$definitionParametersOutputArray = [ordered]@{} - $definitionParametersOutputArray.Add("parameters", $_) + # Loop through all Policy Set/Initiative Definitions Child Definitions and create parameters file for each of them + [System.Collections.Hashtable]$definitionParametersOutputJSONObject = [ordered]@{} + $policyDefinitions | Sort-Object | ForEach-Object { + $definitionReferenceId = $_.policyDefinitionReferenceId + $definitionParameters = $_.parameters + + if ($definitionParameters) { + $definitionParameters | Sort-Object | ForEach-Object { + [System.Collections.Hashtable]$definitionParametersOutputArray = [ordered]@{} + $definitionParametersOutputArray.Add("parameters", $_) + } + } + else { + [System.Collections.Hashtable]$definitionParametersOutputArray = [ordered]@{} + $definitionParametersOutputArray.Add("parameters", @{}) + } + + 
$definitionParametersOutputJSONObject.Add("$definitionReferenceId", $definitionParametersOutputArray) } + Write-Information "==> Adding parameters to '$parametersFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" -Value ($definitionParametersOutputJSONObject | ConvertTo-Json -Depth 10) -Encoding "utf8" + + # Sort parameters file alphabetically to remove false git diffs + Write-Information "==> Sorting parameters file '$parametersFileName' alphabetically" -InformationAction Continue + $definitionParametersOutputJSONObjectSorted = New-Object PSCustomObject + Get-Content -Raw -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" | ConvertFrom-Json -pv fromPipe -Depth 10 | + Get-Member -Type NoteProperty | Sort-Object Name | ForEach-Object { + Add-Member -InputObject $definitionParametersOutputJSONObjectSorted -Type NoteProperty -Name $_.Name -Value $fromPipe.$($_.Name) + } + Set-Content -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" -Value ($definitionParametersOutputJSONObjectSorted | ConvertTo-Json -Depth 10) -Encoding "utf8" - $definitionParametersOutputJSONObject.Add("$definitionReferenceId", $definitionParametersOutputArray) - } - Write-Information "==> Adding parameters to '$parametersFileName'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/$parametersFileName" -Value ($definitionParametersOutputJSONObject | ConvertTo-Json -Depth 10) -Encoding "utf8" - - # Sort parameters file alphabetically to remove false git diffs - Write-Information "==> Sorting parameters file '$parametersFileName' alphabetically" -InformationAction Continue - $definitionParametersOutputJSONObjectSorted = New-Object PSCustomObject - Get-Content -Raw -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/$parametersFileName" | ConvertFrom-Json -pv fromPipe -Depth 10 | - Get-Member -Type 
NoteProperty | Sort-Object Name | ForEach-Object { - Add-Member -InputObject $definitionParametersOutputJSONObjectSorted -Type NoteProperty -Name $_.Name -Value $fromPipe.$($_.Name) - } - Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/$parametersFileName" -Value ($definitionParametersOutputJSONObjectSorted | ConvertTo-Json -Depth 10) -Encoding "utf8" - - # Check if variable exists before trying to clear it - if ($policySetDefinitionsOutputForBicep) { - Clear-Variable -Name policySetDefinitionsOutputForBicep -ErrorAction Continue - } + # Check if variable exists before trying to clear it + if ($policySetDefinitionsOutputForBicep) { + Clear-Variable -Name policySetDefinitionsOutputForBicep -ErrorAction Continue + } - # Create HashTable variable - [System.Collections.Hashtable]$policySetDefinitionsOutputForBicep = [ordered]@{} + # Create HashTable variable + [System.Collections.Hashtable]$policySetDefinitionsOutputForBicep = [ordered]@{} - # Loop through child Policy Set/Initiative Definitions if HashTable not == 0 - if (($policyDefinitions.Count) -ne 0) { - $policyDefinitions | Sort-Object | ForEach-Object { - $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId) + # Loop through child Policy Set/Initiative Definitions if HashTable not == 0 + if (($policyDefinitions.Count) -ne 0) { + $policyDefinitions | Sort-Object | ForEach-Object { + $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId) + } } - } - # Start output file creation of Policy Set/Initiative Definitions for Bicep - Write-Information "==> Adding '$policyDefinitionName' to '$PWD/_mc_policySetDefinitionsBicepInput.txt'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt" -Encoding "utf8" -Value "{`r`n`tname: '$policyDefinitionName'`r`n`tlibSetDefinition: 
json(loadTextContent('lib/china/policy_set_definitions/$fileName'))`r`n`tlibSetChildDefinitions: [" - - # Loop through child Policy Set/Initiative Definitions for Bicep output if HashTable not == 0 - if (($policySetDefinitionsOutputForBicep.Count) -ne 0) { - $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object { - $definitionReferenceId = $_ - $definitionId = $($policySetDefinitionsOutputForBicep[$_]) - # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt" -Encoding "utf8" -Value "`t`t{`r`n`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`tdefinitionId: '$definitionId'`r`n`t`t`tdefinitionParameters: json(loadTextContent('lib/china/policy_set_definitions/$parametersFileName')).$definitionReferenceId.parameters`r`n`t`t}" + # Add Policy Set/Initiative Definition Parameter Variables to Bicep Input File + $policySetDefParamVarTrimJsonExt = $parametersFileName.TrimEnd("json").Replace('.', '_') + $policySetDefParamVarCreation = "var" + ($policySetDefParamVarTrimJsonExt -replace '(?:^|_|-)(\p{L})', { $_.Groups[1].Value.ToUpper() }).TrimEnd('_') + $policySetDefParamVar = "var " + $policySetDefParamVarCreation + " = " + "loadJsonContent('$definitionsSetPath/$parametersFileName')" + $policySetDefParamVarList += $policySetDefParamVar + + # Start output file creation of Policy Set/Initiative Definitions for Bicep + Write-Information "==> Adding '$policyDefinitionName' to '$PWD/$defintionsSetTxtFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t{`r`n`t`tname: '$policyDefinitionName'`r`n`t`tlibSetDefinition: json(loadTextContent('$definitionsSetPath/$fileName'))`r`n`t`tlibSetChildDefinitions: [" + + # Loop through child Policy Set/Initiative Definitions for Bicep output if 
HashTable not == 0 + if (($policySetDefinitionsOutputForBicep.Count) -ne 0) { + $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object { + $definitionReferenceId = $_ + $definitionReferenceIdForParameters = $_ + $definitionId = $($policySetDefinitionsOutputForBicep[$_]) + + # If definitionReferenceId or definitionReferenceIdForParameters contains apostrophes, replace that apostrophe with a backslash and an apostrohphe for Bicep string escaping + if ($definitionReferenceId.Contains("'")) { + $definitionReferenceId = $definitionReferenceId.Replace("'", "\'") + } + + if ($definitionReferenceIdForParameters.Contains("'")) { + $definitionReferenceIdForParameters = $definitionReferenceIdForParameters.Replace("'", "\'") + } + + # If definitionReferenceId contains, then wrap in definitionReferenceId value in [] to comply with bicep formatting + if ($definitionReferenceIdForParameters.Contains("-") -or $definitionReferenceIdForParameters.Contains(" ") -or $definitionReferenceIdForParameters.Contains("\'")) { + $definitionReferenceIdForParameters = "['$definitionReferenceIdForParameters']" + + # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable, without the '.' 
before the definitionReferenceId to make it an accessor + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + } + else { + # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + } + } } + + # Finish output file creation of Policy Set/Initiative Definitions for Bicep + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t]`r`n`t}" + } + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "]`r`n" - # Finish output file creation of Policy Set/Initiative Definitions for Bicep - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt" -Encoding "utf8" -Value "`t]`r`n}" + # Add Policy Set/Initiative Definition Parameter Variables to Bicep Input File + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`r`n// Policy Set/Initiative Definition Parameter Variables`r`n" + $policySetDefParamVarList | ForEach-Object { + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "$_`r`n" + } + $policyDefCount = Get-ChildItem -Recurse -Path "$rootPath/$definitionsSetLongPath" -Filter "*.json" -Exclude "*.parameters.json" | Measure-Object + 
$policyDefCountString = $policyDefCount.Count + Write-Information "====> Policy Set/Initiative Definitions Total: $policyDefCountString" -InformationAction Continue } +#endregion -$policyDefCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions" -Filter "*.json" -Exclude "*.parameters.json" | Measure-Object -$policyDefCountString = $policyDefCount.Count -Write-Information "====> Policy Set/Initiative Definitions Total: $policyDefCountString" -InformationAction Continue +#region # # Policy Asssignmts - separaee policy asnignments for Azure China due to different policy definitions - missing built-in policies, and featurests - separate policy assignments for Azure China due to different policy definitions - missing built-in policies, and features +function New-PolicyAssignmentsBicepInputTxtFile { + [CmdletBinding(SupportsShouldProcess)] + param() -# Policy Asssignments - separate policy assignments for Azure China due to different policy definitions - missing built-in policies, and features + Write-Information "====> Creating/Emptying '$assignmentsTxtFileName '" -InformationAction Continue + Set-Content -Path "$rootPath/$assignmentsLongPath/$assignmentsTxtFileName" -Value $null -Encoding "utf8" -Write-Information "====> Creating/Emptying '_mc_policyAssignmentsBicepInput.txt'" -InformationAction Continue -Set-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt" -Value $null -Encoding "utf8" + Write-Information "====> Looping Through Policy Assignments:" -InformationAction Continue + Get-ChildItem -Recurse -Path "$rootPath/$assignmentsLongPath" -Filter "*.json" | ForEach-Object { + $policyAssignment = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 -Write-Information "====> Looping Through Policy Assignments:" -InformationAction Continue -Get-ChildItem -Recurse -Path 
"./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments" -Filter "*.json" | ForEach-Object { - $policyAssignment = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + $policyAssignmentName = $policyAssignment.name + $policyAssignmentDefinitionID = $policyAssignment.properties.policyDefinitionId + $fileName = $_.Name - $policyAssignmentName = $policyAssignment.name - $policyAssignmentDefinitionID = $policyAssignment.properties.policyDefinitionId - $fileName = $_.Name + # Remove hyphens from Policy Assignment Name + $policyAssignmentNameNoHyphens = $policyAssignmentName.replace("-", "") - # Remove hyphens from Policy Assignment Name - $policyAssignmentNameNoHyphens = $policyAssignmentName.replace("-","") + Write-Information "==> Adding '$policyAssignmentName' to '$PWD/$assignmentsTxtFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$assignmentsLongPath/$assignmentsTxtFileName" -Encoding "utf8" -Value "var varPolicyAssignment$policyAssignmentNameNoHyphens = {`r`n`tdefinitionId: '$policyAssignmentDefinitionID'`r`n`tlibDefinition: json(loadTextContent('../../policy/$assignmentsLongPath/$fileName'))`r`n}`r`n" + } - Write-Information "==> Adding '$policyAssignmentName' to '$PWD/_mc_policyAssignmentsBicepInput.txt'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt" -Encoding "utf8" -Value "var varPolicyAssignment$policyAssignmentNameNoHyphens = {`r`n`tdefinitionID: '$policyAssignmentDefinitionID'`r`n`tlibDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/$fileName'))`r`n}`r`n" + $policyAssignmentCount = Get-ChildItem -Recurse -Path "$rootPath/$assignmentsLongPath" -Filter "*.json" | Measure-Object + $policyAssignmentCountString = $policyAssignmentCount.Count + Write-Information "====> Policy Assignments Total: $policyAssignmentCountString" -InformationAction Continue } 
+#endregion -$policyAssignmentCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments" -Filter "*.json" | Measure-Object -$policyAssignmentCountString = $policyAssignmentCount.Count -Write-Information "====> Policy Assignments Total: $policyAssignmentCountString" -InformationAction Continue +New-PolicyDefinitionsBicepInputTxtFile +New-PolicySetDefinitionsBicepInputTxtFile +New-PolicyAssignmentsBicepInputTxtFile \ No newline at end of file diff --git a/.github/scripts/Invoke-PolicyToBicep.ps1 b/.github/scripts/Invoke-PolicyToBicep.ps1 index 5ca46aa4d..90a5e30fc 100644 --- a/.github/scripts/Invoke-PolicyToBicep.ps1 +++ b/.github/scripts/Invoke-PolicyToBicep.ps1 
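Review bot: Values read from the policy JSON files are interpolated into single-quoted Bicep string literals without escaping, except for `$definitionReferenceId`, which the new code in New-PolicySetDefinitionsBicepInputTxtFile escapes for apostrophes only. `$policyDefinitionName`, `$definitionId`, `$policyAssignmentDefinitionID` and `$fileName` go into `name: '…'`, `definitionId: '…'` and `loadTextContent('…')` as-is, so an apostrophe, backslash or `${` in a contributed JSON file or file name changes the structure of the generated Bicep rather than only its data. I would pass every interpolated value through one escaping step that handles the backslash before the apostrophe, e.g. `.Replace('\', '\\').Replace("'", "\'")`, and also neutralise `${`. The accessor branch has a related gap: only `-`, a space and `\'` trigger the `['…']` form, so a reference id with another non-identifier character (a dot, a leading digit) would presumably yield an invalid `.name` accessor, and always emitting the bracket form would avoid that. The same unescaped `name: '$policyDefinitionName'` pattern is visible in the Invoke-PolicyToBicep.ps1 hunk that follows.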
@@ -1,136 +1,227 @@ <# SUMMARY: This PowerShell script helps with the authoring of the policy definiton module by outputting information required for the variables within the module. -DESCRIPTION: This PowerShell script outputs the Name & Path to a Bicep strucutred .txt file named '_policyDefinitionsBicepInput.txt' and '_policySetDefinitionsBicepInput.txt' respectively. It also creates a parameters file for each of the policy set definitions. It also outputs the number of policies definition and set definition files to the console for easier reviewing as part of the PR process. -AUTHOR/S: jtracey93 -VERSION: 1.5.3 +DESCRIPTION: This PowerShell script outputs the Name & Path to a Bicep structured .txt file named '_policyDefinitionsBicepInput.txt' ($defintionsTxtFileName) and '_policySetDefinitionsBicepInput.txt' ($defintionsSetTxtFileName) respectively. It also creates a parameters file for each of the policy set definitions. It also outputs the number of policy and policy set definition files to the console for easier reviewing as part of the PR process. 
+AUTHOR/S: jtracey93, seseicht +VERSION: 2.0.0 #> +[Diagnostics.CodeAnalysis.SuppressMessageAttribute("PSReviewUnusedParameter", "", Justification="False Positive")] + +[CmdletBinding(SupportsShouldProcess)] +param ( + [Parameter()] + [string] + $rootPath = "./infra-as-code/bicep/modules/policy", + [string] + $definitionsRoot = "definitions", + [string] + $definitionsPath = "lib/policy_definitions", + [string] + $definitionsLongPath = "$definitionsRoot/$definitionsPath", + [string] + $definitionsSetPath = "lib/policy_set_definitions", + [string] + $definitionsSetLongPath = "$definitionsRoot/$definitionsSetPath", + [string] + $assignmentsRoot = "assignments", + [string] + $assignmentsPath = "lib/policy_assignments", + [string] + $assignmentsLongPath = "$assignmentsRoot/$assignmentsPath", + [string] + $defintionsTxtFileName = "_policyDefinitionsBicepInput.txt", + [string] + $defintionsSetTxtFileName = "_policySetDefinitionsBicepInput.txt", + [string] + $assignmentsTxtFileName = "_policyAssignmentsBicepInput.txt" +) + +#region Policy Definitions +function New-PolicyDefinitionsBicepInputTxtFile { + [CmdletBinding(SupportsShouldProcess)] + param() + + Write-Information "====> Creating/Emptying '$defintionsTxtFileName'" -InformationAction Continue + Set-Content -Path "$rootPath/$definitionsLongPath/$defintionsTxtFileName" -Value $null -Encoding "utf8" + + Write-Information "====> Looping Through Policy Definitions:" -InformationAction Continue + Get-ChildItem -Recurse -Path "$rootPath/$definitionsLongPath" -Filter "*.json" | ForEach-Object { + $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + + $policyDefinitionName = $policyDef.name + $fileName = $_.Name + + Write-Information "==> Adding '$policyDefinitionName' to '$PWD/$defintionsTxtFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$definitionsLongPath/$defintionsTxtFileName" -Encoding "utf8" -Value "{`r`n`tname: '$policyDefinitionName'`r`n`tlibDefinition: 
json(loadTextContent('$definitionsPath/$fileName'))`r`n}" + } -# Policy Definitions - -Write-Information "====> Creating/Emptying '_policyDefinitionsBicepInput.txt'" -InformationAction Continue -Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt" -Value $null -Encoding "utf8" - -Write-Information "====> Looping Through Policy Definitions:" -InformationAction Continue -Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions" -Filter "*.json" | ForEach-Object { - $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 - - $policyDefinitionName = $policyDef.name - $fileName = $_.Name - - Write-Information "==> Adding '$policyDefinitionName' to '$PWD/_policyDefinitionsBicepInput.txt'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt" -Encoding "utf8" -Value "{`r`n`tname: '$policyDefinitionName'`r`n`tlibDefinition: json(loadTextContent('lib/policy_definitions/$fileName'))`r`n}" + $policyDefCount = Get-ChildItem -Recurse -Path "$rootPath/$definitionsLongPath" -Filter "*.json" | Measure-Object + $policyDefCountString = $policyDefCount.Count + Write-Information "====> Policy Definitions Total: $policyDefCountString" -InformationAction Continue } +#endregion -$policyDefCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions" -Filter "*.json" | Measure-Object -$policyDefCountString = $policyDefCount.Count -Write-Information "====> Policy Definitions Total: $policyDefCountString" -InformationAction Continue +#region Policy Set Definitions +function New-PolicySetDefinitionsBicepInputTxtFile { + [CmdletBinding(SupportsShouldProcess)] + param() -# Policy Set Definitions + Write-Information "====> Creating/Emptying '$defintionsSetTxtFileName'" -InformationAction Continue + Set-Content -Path 
"$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Value $null -Encoding "utf8" + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Value "var varCustomPolicySetDefinitionsArray = [" -Encoding "utf8" -Write-Information "====> Creating/Emptying '_policySetDefinitionsBicepInput.txt'" -InformationAction Continue -Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt" -Value $null -Encoding "utf8" + Write-Information "====> Looping Through Policy Set/Initiative Definition:" -InformationAction Continue -Write-Information "====> Looping Through Policy Set/Initiative Definition:" -InformationAction Continue + $policySetDefParamVarList = @() -Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions" -Filter "*.json" -Exclude "*.parameters.json" | ForEach-Object { - $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + Get-ChildItem -Recurse -Path "$rootPath/$definitionsSetLongPath" -Filter "*.json" -Exclude "*.parameters.json" | ForEach-Object { + $policyDef = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 - # Load child Policy Set/Initiative Definitions - $policyDefinitions = $policyDef.properties.policyDefinitions | Sort-Object -Property policyDefinitionReferenceId + # Load child Policy Set/Initiative Definitions + $policyDefinitions = $policyDef.properties.policyDefinitions | Sort-Object -Property policyDefinitionReferenceId - $policyDefinitionName = $policyDef.name - $fileName = $_.Name + $policyDefinitionName = $policyDef.name + $fileName = $_.Name - # Construct file name for Policy Set/Initiative Definitions parameters files - $parametersFileName = $fileName.Substring(0, $fileName.Length - 5) + ".parameters.json" + # Construct file name for Policy Set/Initiative Definitions parameters files + $parametersFileName = $fileName.Substring(0, $fileName.Length - 5) + ".parameters.json" 
- # Create Policy Set/Initiative Definitions parameter file - Write-Information "==> Creating/Emptying '$parametersFileName'" -InformationAction Continue - Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/$parametersFileName" -Value $null -Encoding "utf8" + # Create Policy Set/Initiative Definitions parameter file + Write-Information "==> Creating/Emptying '$parametersFileName'" -InformationAction Continue + Set-Content -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" -Value $null -Encoding "utf8" - # Loop through all Policy Set/Initiative Definitions Child Definitions and create parameters file for each of them - [System.Collections.Hashtable]$definitionParametersOutputJSONObject = [ordered]@{} - $policyDefinitions | Sort-Object | ForEach-Object { - $definitionReferenceId = $_.policyDefinitionReferenceId - $definitionParameters = $_.parameters - - $definitionParameters | Sort-Object | ForEach-Object { - [System.Collections.Hashtable]$definitionParametersOutputArray = [ordered]@{} - $definitionParametersOutputArray.Add("parameters", $_) + # Loop through all Policy Set/Initiative Definitions Child Definitions and create parameters file for each of them + [System.Collections.Hashtable]$definitionParametersOutputJSONObject = [ordered]@{} + $policyDefinitions | Sort-Object | ForEach-Object { + $definitionReferenceId = $_.policyDefinitionReferenceId + $definitionParameters = $_.parameters + + if ($definitionParameters) { + $definitionParameters | Sort-Object | ForEach-Object { + [System.Collections.Hashtable]$definitionParametersOutputArray = [ordered]@{} + $definitionParametersOutputArray.Add("parameters", $_) + } + } + else { + [System.Collections.Hashtable]$definitionParametersOutputArray = [ordered]@{} + $definitionParametersOutputArray.Add("parameters", @{}) + } + + $definitionParametersOutputJSONObject.Add("$definitionReferenceId", $definitionParametersOutputArray) } + Write-Information "==> Adding 
parameters to '$parametersFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" -Value ($definitionParametersOutputJSONObject | ConvertTo-Json -Depth 10) -Encoding "utf8" + + # Sort parameters file alphabetically to remove false git diffs + Write-Information "==> Sorting parameters file '$parametersFileName' alphabetically" -InformationAction Continue + $definitionParametersOutputJSONObjectSorted = New-Object PSCustomObject + Get-Content -Raw -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" | ConvertFrom-Json -pv fromPipe -Depth 10 | + Get-Member -Type NoteProperty | Sort-Object Name | ForEach-Object { + Add-Member -InputObject $definitionParametersOutputJSONObjectSorted -Type NoteProperty -Name $_.Name -Value $fromPipe.$($_.Name) + } + Set-Content -Path "$rootPath/$definitionsSetLongPath/$parametersFileName" -Value ($definitionParametersOutputJSONObjectSorted | ConvertTo-Json -Depth 10) -Encoding "utf8" - $definitionParametersOutputJSONObject.Add("$definitionReferenceId", $definitionParametersOutputArray) - } - Write-Information "==> Adding parameters to '$parametersFileName'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/$parametersFileName" -Value ($definitionParametersOutputJSONObject | ConvertTo-Json -Depth 10) -Encoding "utf8" - - # Sort parameters file alphabetically to remove false git diffs - Write-Information "==> Sorting parameters file '$parametersFileName' alphabetically" -InformationAction Continue - $definitionParametersOutputJSONObjectSorted = New-Object PSCustomObject - Get-Content -Raw -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/$parametersFileName" | ConvertFrom-Json -pv fromPipe -Depth 10 | - Get-Member -Type NoteProperty | Sort-Object Name | ForEach-Object { - Add-Member -InputObject $definitionParametersOutputJSONObjectSorted -Type NoteProperty -Name 
$_.Name -Value $fromPipe.$($_.Name) - } - Set-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/$parametersFileName" -Value ($definitionParametersOutputJSONObjectSorted | ConvertTo-Json -Depth 10) -Encoding "utf8" - - # Check if variable exists before trying to clear it - if ($policySetDefinitionsOutputForBicep) { - Clear-Variable -Name policySetDefinitionsOutputForBicep -ErrorAction Continue - } + # Check if variable exists before trying to clear it + if ($policySetDefinitionsOutputForBicep) { + Clear-Variable -Name policySetDefinitionsOutputForBicep -ErrorAction Continue + } - # Create HashTable variable - [System.Collections.Hashtable]$policySetDefinitionsOutputForBicep = [ordered]@{} + # Create HashTable variable + [System.Collections.Hashtable]$policySetDefinitionsOutputForBicep = [ordered]@{} - # Loop through child Policy Set/Initiative Definitions if HashTable not == 0 - if (($policyDefinitions.Count) -ne 0) { - $policyDefinitions | Sort-Object | ForEach-Object { - $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId) + # Loop through child Policy Set/Initiative Definitions if HashTable not == 0 + if (($policyDefinitions.Count) -ne 0) { + $policyDefinitions | Sort-Object | ForEach-Object { + $policySetDefinitionsOutputForBicep.Add($_.policyDefinitionReferenceId, $_.policyDefinitionId) + } } - } - # Start output file creation of Policy Set/Initiative Definitions for Bicep - Write-Information "==> Adding '$policyDefinitionName' to '$PWD/_policySetDefinitionsBicepInput.txt'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt" -Encoding "utf8" -Value "{`r`n`tname: '$policyDefinitionName'`r`n`tlibSetDefinition: json(loadTextContent('lib/policy_set_definitions/$fileName'))`r`n`tlibSetChildDefinitions: [" - - # Loop through child Policy Set/Initiative Definitions for Bicep 
output if HashTable not == 0 - if (($policySetDefinitionsOutputForBicep.Count) -ne 0) { - $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object { - $definitionReferenceId = $_ - $definitionId = $($policySetDefinitionsOutputForBicep[$_]) - # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt" -Encoding "utf8" -Value "`t`t{`r`n`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`tdefinitionId: '$definitionId'`r`n`t`t`tdefinitionParameters: json(loadTextContent('lib/policy_set_definitions/$parametersFileName')).$definitionReferenceId.parameters`r`n`t`t}" + # Add Policy Set/Initiative Definition Parameter Variables to Bicep Input File + $policySetDefParamVarTrimJsonExt = $parametersFileName.TrimEnd("json").Replace('.', '_') + $policySetDefParamVarCreation = "var" + ($policySetDefParamVarTrimJsonExt -replace '(?:^|_|-)(\p{L})', { $_.Groups[1].Value.ToUpper() }).TrimEnd('_') + $policySetDefParamVar = "var " + $policySetDefParamVarCreation + " = " + "loadJsonContent('$definitionsSetPath/$parametersFileName')" + $policySetDefParamVarList += $policySetDefParamVar + + # Start output file creation of Policy Set/Initiative Definitions for Bicep + Write-Information "==> Adding '$policyDefinitionName' to '$PWD/$defintionsSetTxtFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t{`r`n`t`tname: '$policyDefinitionName'`r`n`t`tlibSetDefinition: json(loadTextContent('$definitionsSetPath/$fileName'))`r`n`t`tlibSetChildDefinitions: [" + + # Loop through child Policy Set/Initiative Definitions for Bicep output if HashTable not == 0 + if (($policySetDefinitionsOutputForBicep.Count) -ne 0) { + $policySetDefinitionsOutputForBicep.Keys | Sort-Object | ForEach-Object { + $definitionReferenceId = $_ + 
$definitionReferenceIdForParameters = $_ + $definitionId = $($policySetDefinitionsOutputForBicep[$_]) + + # If definitionReferenceId or definitionReferenceIdForParameters contains apostrophes, replace that apostrophe with a backslash and an apostrohphe for Bicep string escaping + if ($definitionReferenceId.Contains("'")) { + $definitionReferenceId = $definitionReferenceId.Replace("'", "\'") + } + + if ($definitionReferenceIdForParameters.Contains("'")) { + $definitionReferenceIdForParameters = $definitionReferenceIdForParameters.Replace("'", "\'") + } + + # If definitionReferenceId contains, then wrap in definitionReferenceId value in [] to comply with bicep formatting + if ($definitionReferenceIdForParameters.Contains("-") -or $definitionReferenceIdForParameters.Contains(" ") -or $definitionReferenceIdForParameters.Contains("\'")) { + $definitionReferenceIdForParameters = "['$definitionReferenceIdForParameters']" + + # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable, without the '.' 
before the definitionReferenceId to make it an accessor + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + } + else { + # Add nested array of objects to each Policy Set/Initiative Definition in the Bicep variable + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t`t{`r`n`t`t`t`tdefinitionReferenceId: '$definitionReferenceId'`r`n`t`t`t`tdefinitionId: '$definitionId'`r`n`t`t`t`tdefinitionParameters: $policySetDefParamVarCreation.$definitionReferenceIdForParameters.parameters`r`n`t`t`t}" + } + } } + + # Finish output file creation of Policy Set/Initiative Definitions for Bicep + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`t`t]`r`n`t}" + } + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "]`r`n" - # Finish output file creation of Policy Set/Initiative Definitions for Bicep - Add-Content -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt" -Encoding "utf8" -Value "`t]`r`n}" + # Add Policy Set/Initiative Definition Parameter Variables to Bicep Input File + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "`r`n// Policy Set/Initiative Definition Parameter Variables`r`n" + $policySetDefParamVarList | ForEach-Object { + Add-Content -Path "$rootPath/$definitionsSetLongPath/$defintionsSetTxtFileName" -Encoding "utf8" -Value "$_`r`n" + } + $policyDefCount = Get-ChildItem -Recurse -Path "$rootPath/$definitionsSetLongPath" -Filter "*.json" -Exclude "*.parameters.json" | Measure-Object + 
$policyDefCountString = $policyDefCount.Count + Write-Information "====> Policy Set/Initiative Definitions Total: $policyDefCountString" -InformationAction Continue } +#endregion -$policyDefCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions" -Filter "*.json" -Exclude "*.parameters.json" | Measure-Object -$policyDefCountString = $policyDefCount.Count -Write-Information "====> Policy Set/Initiative Definitions Total: $policyDefCountString" -InformationAction Continue +#region Policy Asssignments +function New-PolicyAssignmentsBicepInputTxtFile { + [CmdletBinding(SupportsShouldProcess)] + param() -# Policy Asssignments + Write-Information "====> Creating/Emptying '$assignmentsTxtFileName'" -InformationAction Continue + Set-Content -Path "$rootPath/$assignmentsLongPath/$assignmentsTxtFileName" -Value $null -Encoding "utf8" -Write-Information "====> Creating/Emptying '_policyAssignmentsBicepInput.txt'" -InformationAction Continue -Set-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/_policyAssignmentsBicepInput.txt" -Value $null -Encoding "utf8" + Write-Information "====> Looping Through Policy Assignments:" -InformationAction Continue + Get-ChildItem -Recurse -Path "$rootPath/$assignmentsLongPath" -Filter "*.json" | ForEach-Object { + $policyAssignment = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 -Write-Information "====> Looping Through Policy Assignments:" -InformationAction Continue -Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments" -Filter "*.json" | ForEach-Object { - $policyAssignment = Get-Content $_.FullName | ConvertFrom-Json -Depth 100 + $policyAssignmentName = $policyAssignment.name + $policyAssignmentDefinitionID = $policyAssignment.properties.policyDefinitionId + $fileName = $_.Name - $policyAssignmentName = $policyAssignment.name - $policyAssignmentDefinitionID = 
$policyAssignment.properties.policyDefinitionId - $fileName = $_.Name + # Remove hyphens from Policy Assignment Name + $policyAssignmentNameNoHyphens = $policyAssignmentName.replace("-", "") - # Remove hyphens from Policy Assignment Name - $policyAssignmentNameNoHyphens = $policyAssignmentName.replace("-","") + Write-Information "==> Adding '$policyAssignmentName' to '$PWD/$assignmentsTxtFileName'" -InformationAction Continue + Add-Content -Path "$rootPath/$assignmentsLongPath/$assignmentsTxtFileName" -Encoding "utf8" -Value "var varPolicyAssignment$policyAssignmentNameNoHyphens = {`r`n`tdefinitionId: '$policyAssignmentDefinitionID'`r`n`tlibDefinition: json(loadTextContent('../../policy/$assignmentsLongPath/$fileName'))`r`n}`r`n" + } - Write-Information "==> Adding '$policyAssignmentName' to '$PWD/_policyAssignmentsBicepInput.txt'" -InformationAction Continue - Add-Content -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/_policyAssignmentsBicepInput.txt" -Encoding "utf8" -Value "var varPolicyAssignment$policyAssignmentNameNoHyphens = {`r`n`tdefinitionId: '$policyAssignmentDefinitionID'`r`n`tlibDefinition: json(loadTextContent('../../policy/assignments/lib/policy_assignments/$fileName'))`r`n}`r`n" + $policyAssignmentCount = Get-ChildItem -Recurse -Path "$rootPath/$assignmentsLongPath" -Filter "*.json" | Measure-Object + $policyAssignmentCountString = $policyAssignmentCount.Count + Write-Information "====> Policy Assignments Total: $policyAssignmentCountString" -InformationAction Continue } +#endregion -$policyAssignmentCount = Get-ChildItem -Recurse -Path "./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments" -Filter "*.json" | Measure-Object -$policyAssignmentCountString = $policyAssignmentCount.Count -Write-Information "====> Policy Assignments Total: $policyAssignmentCountString" -InformationAction Continue \ No newline at end of file +New-PolicyDefinitionsBicepInputTxtFile 
+New-PolicySetDefinitionsBicepInputTxtFile
+New-PolicyAssignmentsBicepInputTxtFile
\ No newline at end of file
diff --git a/.vscode/tours/upstreamPolicyUpdateProcess.tour b/.vscode/tours/upstreamPolicyUpdateProcess.tour
index bdc3487a7..802d61c35 100644
--- a/.vscode/tours/upstreamPolicyUpdateProcess.tour
+++ b/.vscode/tours/upstreamPolicyUpdateProcess.tour
@@ -206,10 +206,11 @@
 },
 "end": {
 "line": 11,
- "character": 155
+ "character": 18
 }
 },
- "description": "Create and overwrite the `_policyDefinitionsBicepInput.txt` file in the specified directory with a new empty file with `utf8` encoding"
+ "description": "Create and overwrite the `_policyDefinitionsBicepInput.txt` file in the specified directory with a new empty file with `utf8` encoding",
+ "line": 44
 },
 {
 "file": ".github/scripts/Invoke-PolicyToBicep.ps1",
@@ -223,7 +224,8 @@
 "character": 264
 }
 },
- "description": "For every `.json` file in the `lib/policy_definitions` directory extract the policy definition name and the file path and then write them (append) into the `_policyDefinitionsBicepInput.txt` file in a Bicep formatted output (see end of line 21)"
+ "description": "For every `.json` file in the `lib/policy_definitions` directory extract the policy definition name and the file path and then write them (append) into the `_policyDefinitionsBicepInput.txt` file in a Bicep formatted output (see end of line 54)",
+ "line": 47
 },
 {
 "file": ".github/scripts/Invoke-PolicyToBicep.ps1",
@@ -237,49 +239,42 @@
 "character": 102
 }
 },
- "description": "Count the number of policy definitions in the `lib/policy_definitions` directory and output to the console the total number"
+ "description": "Count the number of policy definitions in the `lib/policy_definitions` directory and output to the console the total number",
+ "line": 57
 },
 {
 "file": ".github/scripts/Invoke-PolicyToBicep.ps1",
 "selection": {
 "start": {
- "line": 30,
+ "line": 110,
 "character": 1
 },
 "end": {
- "line": 31,
- "character": 162
+ "line": 112,
+ "character": 117
 }
 },
- "description": "Create and overwrite the `_policySetDefinitionsBicepInput.txt` file in the specified directory with a new empty file with `utf8` encoding"
+ "description": "Count the number of policy set definitions in the `lib/policy_set_definitions` directory and output to the console the total number"
 },
 {
 "file": ".github/scripts/Invoke-PolicyToBicep.ps1",
 "selection": {
 "start": {
- "line": 35,
+ "line": 30,
 "character": 1
 },
 "end": {
- "line": 108,
- "character": 2
+ "line": 31,
+ "character": 162
 }
 },
- "description": "For every `.json` file in the `lib/policy_set_definitions` directory extract the policy set definitions (initiative) name and the file path and then write them (append) into the `_policySetDefinitionsBicepInput.txt` file in a Bicep formatted output (see end of line 93, 101 and 106).\r\n\r\nIt also creates a parameters file (not an ARM complaint one, just a JSON compliant document). 
And it also loops through all the child policy definitions of each policy set definition (initiative) and extracts the definition reference ID and the definition ID and adds them to the output in the `_policySetDefinitionsBicepInput.txt` file"
+ "description": "Create and overwrite the `_policySetDefinitionsBicepInput.txt` file in the specified directory with a new empty file with `utf8` encoding",
+ "line": 69
 },
 {
 "file": ".github/scripts/Invoke-PolicyToBicep.ps1",
- "selection": {
- "start": {
- "line": 110,
- "character": 1
- },
- "end": {
- "line": 112,
- "character": 117
- }
- },
- "description": "Count the number of policy set definitions in the `lib/policy_set_definitions` directory and output to the console the total number"
+ "description": "For every `.json` file in the `lib/policy_set_definitions` directory extract the policy set definitions (initiative) name and the file path and then write them (append) into the `_policySetDefinitionsBicepInput.txt` file in a Bicep formatted output (see end of line 145, 168 and 172).\r\n\r\nIt also creates a parameters file (not an ARM complaint one, just a JSON compliant document). And it also loops through all the child policy definitions of each policy set definition (initiative) and extracts the definition reference ID and the definition ID and adds them to the output in the `_policySetDefinitionsBicepInput.txt` file",
+ "line": 64
 },
 {
 "file": ".github/scripts/Invoke-PolicyToBicep.ps1",
@@ -293,7 +288,8 @@
 "character": 155
 }
 },
- "description": "Create and overwrite the `_policyAssignmentsBicepInput.txt` file in the specified directory with a new empty file with `utf8` encoding"
+ "description": "Create and overwrite the `_policyAssignmentsBicepInput.txt` file in the specified directory with a new empty file with `utf8` encoding",
+ "line": 200
 },
 {
 "file": ".github/scripts/Invoke-PolicyToBicep.ps1",
@@ -307,7 +303,8 @@ "character": 2 } }, - "description": "For every `.json` file in the `lib/policy_assignments` directory extract the policy assignment's name and the file path and then write them (append) into the `_policyAssignmentsBicepInput.txt` file in a Bicep formatted output (see end of line 131)." + "description": "For every `.json` file in the `lib/policy_assignments` directory extract the policy assignment's name and the file path and then write them (append) into the `_policyAssignmentsBicepInput.txt` file in a Bicep formatted output (see end of line 131).", + "line": 203 }, { "file": ".github/scripts/Invoke-PolicyToBicep.ps1", @@ -321,7 +318,8 @@ "character": 109 } }, - "description": "Count the number of policy assignments in the `lib/policy_assignments` directory and output to the console the total number" + "description": "Count the number of policy assignments in the `lib/policy_assignments` directory and output to the console the total number", + "line": 218 }, { "file": ".github/workflows/update-policy.yml", diff --git a/docs/wiki/AddingPolicyDefs.md b/docs/wiki/AddingPolicyDefs.md index 41202a066..44d6ec733 100644 --- a/docs/wiki/AddingPolicyDefs.md +++ b/docs/wiki/AddingPolicyDefs.md @@ -25,6 +25,8 @@ We recommend were possible to use option 1 and extend the current `ALZ-Bicep` ap ## How do I extend the `ALZ-Bicep` Custom Policy Definitions module? +> ✋ Where possible avoid using `-`'s (hyphens/dashes) as these are an unsupported character in Bicep. camelCase or use `_` instead 👍 + To extend the [Custom Policy Definitions module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions) from `ALZ-Bicep` follow the below process. 1. Navigate to the relevant `lib` directory 
@@ -38,7 +40,7 @@ To extend the [Custom Policy Definitions module](https://github.com/Azure/ALZ-Bi 4. Run the [`Invoke-PolicyToBicep.ps1`](https://github.com/Azure/ALZ-Bicep/blob/main/.github/scripts/Invoke-PolicyToBicep.ps1) script to update the `_policyDefinitionsBicepInput.txt` and/or `_policySetDefinitionsBicepInput.txt` files in the `lib` folders 1. Copy the entire contents of the relevant `.txt` file and replace the contents of the associated variable in the [Custom Policy Definitions module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions) - Policy Definition = `_policyDefinitionsBicepInput.txt` placed into variable named `varCustomPolicyDefinitionsArray` (place copied contents inside of array `[]`) - - Policy Initiative (Set) = `_policySetDefinitionsBicepInput.txt` placed into variable named `varCustomPolicySetDefinitionsArray` (place copied contents inside of array `[]`) + - Policy Initiative (Set) & Parameter Variables = Copy the entire contents of `_policySetDefinitionsBicepInput.txt` and replace variable named `varCustomPolicySetDefinitionsArray` and parameter variables below it with copied contents 5. Redeploy the updated [Custom Policy Definitions module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions) via your configured method (locally via Azure CLI or PowerShell or via Azure DevOps pipeline or GitHub action) 6. New Policy Definitions now deployed to intermediate root Management Group (e.g. `Contoso`) 
@@ -48,9 +50,9 @@ To extend the [Custom Policy Definitions module](https://github.com/Azure/ALZ-Bi As Bicep is ultimately just compiling ARM templates behind the scenes, deployments of Bicep files/modules are still subject to the same limits as ARM Templates. The main limit to be aware of here is the `4 MB` total size limit for a single ARM Template. -Today the [Custom Policy Definitions module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions) from `ALZ-Bicep` results in a `2.56 MB` ARM Template file `JSON` file being created. +Today the [Custom Policy Definitions module](https://github.com/Azure/ALZ-Bicep/tree/main/infra-as-code/bicep/modules/policy/definitions) from `ALZ-Bicep` results in a `874 KB` ARM Template file `JSON` file being created. -This has plenty of room for expansion but it is worth keeping in mind as you may hit the 4MB limit and see the errors of `JobSizeExceededException` or `DeploymentJobSizeExceededException`. +This has plenty of room for expansion but it is worth keeping in mind as you may hit the `4 MB` limit and see the errors of `JobSizeExceededException` or `DeploymentJobSizeExceededException`. ### The fix diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt b/infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt index de0ba043a..ec23d8907 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt +++ b/infra-as-code/bicep/modules/policy/assignments/lib/china/policy_assignments/_mc_policyAssignmentsBicepInput.txt 
@@ -1,150 +1,150 @@ var varPolicyAssignmentDenyAppGWWithoutWAF = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGW-Without-WAF' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_appgw_without_waf.tmpl.json')) } - + var varPolicyAssignmentEnforceAKSHTTPS = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_http_ingress_aks.tmpl.json')) } - + var varPolicyAssignmentDenyIPForwarding = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json')) } - + var varPolicyAssignmentDenyPrivContainersAKS = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_priv_containers_aks.tmpl.json')) } - + var varPolicyAssignmentDenyPrivEscalationAKS = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99' + definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_priv_escalation_aks.tmpl.json')) } - + var varPolicyAssignmentDenyPublicEndpoints = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_public_endpoints.tmpl.json')) } - + var varPolicyAssignmentDenyPublicIP = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json')) } - + var varPolicyAssignmentDenyRDPFromInternet = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_rdp_from_internet.tmpl.json')) } - + var varPolicyAssignmentDenyResourceLocations = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e56962a6-4747-49cd-b67b-bf8b01975c4c' libDefinition: 
json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_resource_locations.tmpl.json')) } - + var varPolicyAssignmentDenyResourceTypes = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_resource_types.tmpl.json')) } - + var varPolicyAssignmentDenyRSGLocations = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e765b5de-1225-4ba3-bd56-1ac6695af988' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_rsg_locations.tmpl.json')) } - + var varPolicyAssignmentDenyStoragehttp = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_storage_http.tmpl.json')) } - + var varPolicyAssignmentDenySubnetWithoutNsg = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_subnet_without_nsg.tmpl.json')) } - + var varPolicyAssignmentDenySubnetWithoutUdr = { - definitionID: 
'${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deny_subnet_without_udr.tmpl.json')) } - + var varPolicyAssignmentDeployAKSPolicy = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/a8eff44f-8c92-45c3-a3fb-9880802d67a7' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_aks_policy.tmpl.json')) } - + var varPolicyAssignmentDeployASCMonitoring = { - definitionID: '/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8' + definitionId: '/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json')) } - + var varPolicyAssignmentDeployLogAnalytics = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_log_analytics.tmpl.json')) } - + var varPolicyAssignmentDeployLXArcMonitoring = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/9d2b61b4-1d14-4a63-be30-d4498e7ad2cf' libDefinition: 
json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_lx_arc_monitoring.tmpl.json')) } - + var varPolicyAssignmentDeployMDFCConfig = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_mdfc_config.tmpl.json')) } - + var varPolicyAssignmentDeployPrivateDNSZones = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_private_dns_zones.tmpl.json')) } - + var varPolicyAssignmentDeployResourceDiag = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_resource_diag.tmpl.json')) } - + var varPolicyAssignmentDeploySQLDBAuditing = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9' libDefinition: 
json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_sql_db_auditing.tmpl.json')) } - + var varPolicyAssignmentDeploySQLSecurity = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_sql_security.tmpl.json')) } - + var varPolicyAssignmentDeploySQLThreat = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_sql_threat.tmpl.json')) } - + var varPolicyAssignmentDeployVMBackup = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_vm_backup.tmpl.json')) } - + var varPolicyAssignmentDeployVMMonitoring = { - definitionID: '/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a' + definitionId: '/providers/Microsoft.Authorization/policySetDefinitions/55f3eceb-5573-4f18-9695-226972c6d74a' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_vm_monitoring.tmpl.json')) } - + var varPolicyAssignmentDeployVMSSMonitoring = { - definitionID: '/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad' + definitionId: 
'/providers/Microsoft.Authorization/policySetDefinitions/75714362-cae7-409e-9b99-a8e5075b7fad' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_vmss_monitoring.tmpl.json')) } - + var varPolicyAssignmentDeployWSArcMonitoring = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/69af7d4a-7b18-4044-93a9-2651498ef203' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_deploy_ws_arc_monitoring.tmpl.json')) } - + var varPolicyAssignmentEnableDDoSVNET = { - definitionID: '/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_enable_ddos_vnet.tmpl.json')) } - + var varPolicyAssignmentEnforceTLSSSL = { - definitionID: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit' + definitionId: '${modManagementGroups.outputs.outTopLevelMGId}/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit' libDefinition: json(loadTextContent('../../policy/assignments/lib/china/policy_assignments/policy_assignment_es_enforce_tls_ssl.tmpl.json')) } - + diff --git a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep index f27a2176d..72a0e241e 100644 --- a/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep 
@@ -445,52 +445,52 @@ var varCustomPolicySetDefinitionsArray = [
 {
 definitionReferenceId: 'ACRDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).ACRDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.ACRDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'AFSDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).AFSDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.AFSDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'AKSDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).AKSDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.AKSDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'BatchDenyPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).BatchDenyPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.BatchDenyPublicIP.parameters
 }
 {
 definitionReferenceId: 'CosmosDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).CosmosDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.CosmosDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'KeyVaultDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).KeyVaultDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.KeyVaultDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'MySQLFlexDenyPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).MySQLFlexDenyPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.MySQLFlexDenyPublicIP.parameters
 }
 {
 definitionReferenceId: 'PostgreSQLFlexDenyPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).PostgreSQLFlexDenyPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.PostgreSQLFlexDenyPublicIP.parameters
 }
 {
 definitionReferenceId: 'SqlServerDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).SqlServerDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.SqlServerDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'StorageDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).StorageDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.StorageDenyPaasPublicIP.parameters
 }
 ]
 }
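Review bot: Each entry in this hunk now depends on `varPolicySetDefinitionEsDenyPublicpaasendpointsParameters`, whose declaration is not in the hunk, and on a member name typed by hand twice per entry (`definitionReferenceId: 'ACRDenyPaasPublicIP'` and `.ACRDenyPaasPublicIP.parameters`). These entries carry the parameters for the deny-public-endpoint policies, so a reference that drifts from the parameters file should fail the build rather than surface at assignment time. Presumably Bicep resolves the member at compile time because the file is loaded statically, but that is worth confirming with a `bicep build` step in CI. I would add a comment at the variable's declaration, for example `// Loaded once from lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json; top-level keys must match each definitionReferenceId below`. The enclosing `varCustomPolicySetDefinitionsArray` begins and ends outside the hunk.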
@@ -501,322 +501,322 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'ACIDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ACIDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ACIDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'ACRDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ACRDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ACRDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AKSDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AKSDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AKSDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AnalysisServiceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'APIforFHIRDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'APIMgmtDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AppServiceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AppServiceWebappDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AutomationDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AutomationDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AutomationDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'BastionDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).BastionDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.BastionDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'BatchDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).BatchDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.BatchDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'CDNEndpointsDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters + 
definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'CognitiveServicesDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'CosmosDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).CosmosDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.CosmosDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DatabricksDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DataFactoryDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DataLakeStoreDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventGridSubDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventGridTopicDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventHubDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventHubDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventHubDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventSystemTopicDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'ExpressRouteDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'FirewallDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).FirewallDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.FirewallDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'FrontDoorDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'FunctionAppDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'HDInsightDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'IotHubDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).IotHubDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.IotHubDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'KeyVaultDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'LoadBalancerDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'LogicAppsISEDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'LogicAppsWFDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'MariaDBDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'MediaServiceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'MlWorkspaceDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'MySQLDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MySQLDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MySQLDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'NetworkNICDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'PostgreSQLDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'RecoveryVaultDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'RedisCacheDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'RelayDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).RelayDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.RelayDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'SearchServicesDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'ServiceBusDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'SignalRDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SignalRDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SignalRDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'SQLDatabaseDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'SQLMDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SQLMDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SQLMDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'StorageAccountDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'TrafficManagerDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'VirtualMachinesDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'VirtualNetworkDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'VMSSDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VMSSDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VMSSDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'VNetGWDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'WVDAppGroupDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 {
 definitionReferenceId: 'WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters
 }
 ]
 }
@@ -827,62 +827,62 @@ var varCustomPolicySetDefinitionsArray = [
 {
 definitionReferenceId: 'ascExport'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).ascExport.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.ascExport.parameters
 }
 {
 definitionReferenceId: 'defenderForAppServices'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForAppServices.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForAppServices.parameters
 }
 {
 definitionReferenceId: 'defenderForArm'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForArm.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForArm.parameters
 }
 {
 definitionReferenceId: 'defenderforContainers'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderforContainers.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderforContainers.parameters
 }
 {
 definitionReferenceId: 'defenderForDns'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForDns.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForDns.parameters
 }
 {
 definitionReferenceId: 'defenderForKeyVaults'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForKeyVaults.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForKeyVaults.parameters
 }
 {
 definitionReferenceId: 'defenderForOssDb'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForOssDb.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForOssDb.parameters
 }
 {
 definitionReferenceId: 'defenderForSqlPaas'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForSqlPaas.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForSqlPaas.parameters
 }
 {
 definitionReferenceId: 'defenderForSqlServerVirtualMachines'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForSqlServerVirtualMachines.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForSqlServerVirtualMachines.parameters
 }
 {
 definitionReferenceId: 'defenderForStorageAccounts'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForStorageAccounts.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForStorageAccounts.parameters
 }
 {
 definitionReferenceId: 'defenderForVM'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForVM.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForVM.parameters
 }
 {
 definitionReferenceId: 'securityEmailContact'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).securityEmailContact.parameters
+ definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.securityEmailContact.parameters
 }
 ]
 }
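Review bot: Every `definitionParameters` lookup in this hunk now depends on `varPolicySetDefinitionEsDeployMdfcConfigParameters`, whose declaration is outside the hunk, so the link between each entry and `policy_set_definition_es_deploy_mdfc_config.parameters.json` can no longer be checked from the entry itself. Since these entries carry the parameters for the Defender-plan and security-contact policies, I would document the binding at the variable's declaration, e.g. `// Parameters for the MDFC config policy set; keys must match each definitionReferenceId used below`, and confirm that the declaration loads the same file the removed `json(loadTextContent(...))` calls named. The same applies to the private-DNS-zones hunk (`@@ -893`), the SQL-security hunk (`@@ -999`), and the diagnostics and encryption-CMK hunks, which extend beyond this view.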
@@ -893,102 +893,102 @@ var varCustomPolicySetDefinitionsArray = [
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-ACR'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-ACR'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ACR'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-App'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-App'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-App'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-AppServices'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-AppServices'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-AppServices'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-Batch'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-Batch'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Batch'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveSearch'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-CognitiveSearch'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveSearch'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveServices'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-CognitiveServices'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveServices'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-DiskAccess'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-DiskAccess'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-DiskAccess'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridDomains'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-EventGridDomains'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridDomains'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridTopics'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-EventGridTopics'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridTopics'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-EventHubNamespace'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-EventHubNamespace'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventHubNamespace'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-File-Sync'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-File-Sync'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-File-Sync'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-IoT'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-IoT'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoT'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-IoTHubs'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-IoTHubs'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoTHubs'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-KeyVault'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-KeyVault'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-KeyVault'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-MachineLearningWorkspace'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-MachineLearningWorkspace'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-MachineLearningWorkspace'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-RedisCache'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-RedisCache'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-RedisCache'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-ServiceBusNamespace'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-ServiceBusNamespace'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ServiceBusNamespace'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-SignalR'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-SignalR'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-SignalR'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-Site-Recovery'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-Site-Recovery'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Site-Recovery'].parameters
 }
 {
 definitionReferenceId: 'DINE-Private-DNS-Azure-Web'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-Web'].parameters
+ definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Web'].parameters
 }
 ]
 }
@@ -999,22 +999,22 @@ var varCustomPolicySetDefinitionsArray = [
 {
 definitionReferenceId: 'SqlDbAuditingSettingsDeploySqlSecurity'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbAuditingSettingsDeploySqlSecurity.parameters
+ definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbAuditingSettingsDeploySqlSecurity.parameters
 }
 {
 definitionReferenceId: 'SqlDbSecurityAlertPoliciesDeploySqlSecurity'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters
+ definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters
 }
 {
 definitionReferenceId: 'SqlDbTdeDeploySqlSecurity'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbTdeDeploySqlSecurity.parameters
+ definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbTdeDeploySqlSecurity.parameters
 }
 {
 definitionReferenceId: 'SqlDbVulnerabilityAssessmentsDeploySqlSecurity'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments'
- definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters
+ definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters
 }
 ]
 }
@@ -1025,77 +1025,77 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'ACRCmkDeny' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).ACRCmkDeny.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.ACRCmkDeny.parameters } { definitionReferenceId: 'AksCmkDeny' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).AksCmkDeny.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.AksCmkDeny.parameters } { definitionReferenceId: 'AzureBatchCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).AzureBatchCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.AzureBatchCMKEffect.parameters } { definitionReferenceId: 'CognitiveServicesCMK' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).CognitiveServicesCMK.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.CognitiveServicesCMK.parameters } { definitionReferenceId: 'CosmosCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).CosmosCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.CosmosCMKEffect.parameters } { definitionReferenceId: 'DataBoxCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).DataBoxCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.DataBoxCMKEffect.parameters } { definitionReferenceId: 'EncryptedVMDisksEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).EncryptedVMDisksEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.EncryptedVMDisksEffect.parameters } { definitionReferenceId: 'HealthcareAPIsCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).HealthcareAPIsCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.HealthcareAPIsCMKEffect.parameters } { definitionReferenceId: 'MySQLCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).MySQLCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.MySQLCMKEffect.parameters } { 
definitionReferenceId: 'PostgreSQLCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).PostgreSQLCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.PostgreSQLCMKEffect.parameters } { definitionReferenceId: 'SqlServerTDECMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).SqlServerTDECMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.SqlServerTDECMKEffect.parameters } { definitionReferenceId: 'StorageCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).StorageCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.StorageCMKEffect.parameters } { definitionReferenceId: 'StreamAnalyticsCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).StreamAnalyticsCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.StreamAnalyticsCMKEffect.parameters } { definitionReferenceId: 'SynapseWorkspaceCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).SynapseWorkspaceCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.SynapseWorkspaceCMKEffect.parameters } { definitionReferenceId: 'WorkspaceCMK' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).WorkspaceCMK.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.WorkspaceCMK.parameters } ] } 
@@ -1106,117 +1106,133 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'AKSIngressHttpsOnlyEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).AKSIngressHttpsOnlyEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.AKSIngressHttpsOnlyEffect.parameters } { definitionReferenceId: 'APIAppServiceHttpsEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).APIAppServiceHttpsEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.APIAppServiceHttpsEffect.parameters } { definitionReferenceId: 'APIAppServiceLatestTlsEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).APIAppServiceLatestTlsEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.APIAppServiceLatestTlsEffect.parameters } { definitionReferenceId: 'AppServiceHttpEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).AppServiceHttpEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.AppServiceHttpEffect.parameters } { definitionReferenceId: 'AppServiceminTlsVersion' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).AppServiceminTlsVersion.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.AppServiceminTlsVersion.parameters } { definitionReferenceId: 'FunctionLatestTlsEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).FunctionLatestTlsEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.FunctionLatestTlsEffect.parameters } { definitionReferenceId: 'FunctionServiceHttpsEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).FunctionServiceHttpsEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.FunctionServiceHttpsEffect.parameters } { definitionReferenceId: 'MySQLEnableSSLDeployEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).MySQLEnableSSLDeployEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.MySQLEnableSSLDeployEffect.parameters } { definitionReferenceId: 'MySQLEnableSSLEffect' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).MySQLEnableSSLEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.MySQLEnableSSLEffect.parameters } { definitionReferenceId: 'PostgreSQLEnableSSLDeployEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLDeployEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.PostgreSQLEnableSSLDeployEffect.parameters } { definitionReferenceId: 'PostgreSQLEnableSSLEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.PostgreSQLEnableSSLEffect.parameters } { definitionReferenceId: 'RedisDenyhttps' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).RedisDenyhttps.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.RedisDenyhttps.parameters } { definitionReferenceId: 'RedisdisableNonSslPort' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).RedisdisableNonSslPort.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.RedisdisableNonSslPort.parameters } { definitionReferenceId: 'RedisTLSDeployEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).RedisTLSDeployEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.RedisTLSDeployEffect.parameters } { definitionReferenceId: 'SQLManagedInstanceTLSDeployEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSDeployEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLManagedInstanceTLSDeployEffect.parameters } { definitionReferenceId: 'SQLManagedInstanceTLSEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLManagedInstanceTLSEffect.parameters } { definitionReferenceId: 'SQLServerTLSDeployEffect' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLServerTLSDeployEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLServerTLSDeployEffect.parameters } { definitionReferenceId: 'SQLServerTLSEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLServerTLSEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLServerTLSEffect.parameters } { definitionReferenceId: 'StorageDeployHttpsEnabledEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).StorageDeployHttpsEnabledEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.StorageDeployHttpsEnabledEffect.parameters } { definitionReferenceId: 'StorageHttpsEnabledEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).StorageHttpsEnabledEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.StorageHttpsEnabledEffect.parameters } { definitionReferenceId: 'WebAppServiceHttpsEffect' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).WebAppServiceHttpsEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.WebAppServiceHttpsEffect.parameters } { definitionReferenceId: 'WebAppServiceLatestTlsEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).WebAppServiceLatestTlsEffect.parameters + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.WebAppServiceLatestTlsEffect.parameters } ] } ] +// Policy Set/Initiative Definition Parameter Variables + +var varPolicySetDefinitionEsDenyPublicpaasendpointsParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json') + +var varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json') + +var varPolicySetDefinitionEsDeployMdfcConfigParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json') + +var varPolicySetDefinitionEsDeployPrivateDnsZonesParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json') + +var varPolicySetDefinitionEsDeploySqlSecurityParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json') + +var varPolicySetDefinitionEsEnforceEncryptionCmkParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json') + 
+var varPolicySetDefinitionEsEnforceEncrypttransitParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json') + // Customer Usage Attribution Id var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9' diff --git a/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions/_mc_policyDefinitionsBicepInput.txt b/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions/_mc_policyDefinitionsBicepInput.txt index c0a411068..7ffa96d14 100644 --- a/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions/_mc_policyDefinitionsBicepInput.txt +++ b/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_definitions/_mc_policyDefinitionsBicepInput.txt 
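Review bot: The comment over the added variable block, `// Policy Set/Initiative Definition Parameter Variables`, does not state the contract the array entries now rely on. Every rewritten `definitionParameters` line reads a property of one of these variables, and in the visible entries that property name is always the entry's own `definitionReferenceId`. These sets carry the parameters for the HTTPS/TLS and customer-managed-key policies, so a key that drifts from its reference id should be caught in review or at build time rather than in a deployment. I would extend the comment, e.g. `// Each variable loads one *.parameters.json; its top-level keys must match the definitionReferenceId values used in varCustomPolicySetDefinitionsArray.` If the block is emitted by the PolicyToBicep script (not visible in this hunk), the comment should also say it is generated and not hand-edited; the array itself begins outside the hunk.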
@@ -1,396 +1,396 @@ { name: 'Append-AppService-httpsonly' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_append_appservice_httpsonly.json')) -} +} { name: 'Append-AppService-latestTLS' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_append_appservice_latesttls.json')) -} +} { name: 'Append-KV-SoftDelete' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_append_kv_softdelete.json')) -} +} { name: 'Append-Redis-disableNonSslPort' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_append_redis_disablenonsslport.json')) -} +} { name: 'Append-Redis-sslEnforcement' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_append_redis_sslenforcement.json')) -} +} { name: 'Deny-AFSPaasPublicIP' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_afspaaspublicip.json')) -} +} { name: 'Deny-AppGW-Without-WAF' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_appgw_without_waf.json')) -} +} { name: 'Deny-AppServiceApiApp-http' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_appserviceapiapp_http.json')) -} +} { name: 'Deny-AppServiceFunctionApp-http' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_appservicefunctionapp_http.json')) -} +} { name: 'Deny-AppServiceWebApp-http' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_appservicewebapp_http.json')) -} +} { name: 'Deny-KeyVaultPaasPublicIP' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_keyvaultpaaspublicip.json')) -} +} { name: 'Deny-MySql-http' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_mysql_http.json')) 
-} +} { name: 'Deny-PostgreSql-http' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_postgresql_http.json')) -} +} { name: 'Deny-Private-DNS-Zones' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_private_dns_zones.json')) -} +} { name: 'Deny-PublicEndpoint-MariaDB' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_publicendpoint_mariadb.json')) -} +} { name: 'Deny-PublicIP' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_publicip.json')) -} +} { name: 'Deny-RDP-From-Internet' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_rdp_from_internet.json')) -} +} { name: 'Deny-Redis-http' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_redis_http.json')) -} +} { name: 'Deny-Sql-minTLS' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_sql_mintls.json')) -} +} { name: 'Deny-SqlMi-minTLS' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_sqlmi_mintls.json')) -} +} { name: 'Deny-Storage-minTLS' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_storage_mintls.json')) -} +} { name: 'Deny-Subnet-Without-Nsg' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_subnet_without_nsg.json')) -} +} { name: 'Deny-Subnet-Without-Udr' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_subnet_without_udr.json')) -} +} { name: 'Deny-VNET-Peer-Cross-Sub' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_vnet_peer_cross_sub.json')) -} +} { name: 'Deny-VNET-Peering-To-Non-Approved-VNETs' libDefinition: 
json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_vnet_peering_to_non_approved_vnets.json')) -} +} { name: 'Deny-VNet-Peering' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deny_vnet_peering.json')) -} +} { name: 'Deploy-ActivityLogs-to-LA-workspace' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_activitylogs_to_la_workspace.json')) -} +} { name: 'Deploy-ASC-SecurityContacts' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_asc_securitycontacts.json')) -} +} { name: 'Deploy-DDoSProtection' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_ddosprotection.json')) -} +} { name: 'Deploy-Default-Udr' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_default_udr.json')) -} +} { name: 'Deploy-Diagnostics-AA' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_aa.json')) -} +} { name: 'Deploy-Diagnostics-ACI' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_aci.json')) -} +} { name: 'Deploy-Diagnostics-ACR' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_acr.json')) -} +} { name: 'Deploy-Diagnostics-AnalysisService' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_analysisservice.json')) -} +} { name: 'Deploy-Diagnostics-ApiForFHIR' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_apiforfhir.json')) -} +} { name: 'Deploy-Diagnostics-APIMgmt' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_apimgmt.json')) -} +} { name: 'Deploy-Diagnostics-ApplicationGateway' 
libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_applicationgateway.json')) -} +} { name: 'Deploy-Diagnostics-Bastion' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_bastion.json')) -} +} { name: 'Deploy-Diagnostics-CDNEndpoints' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_cdnendpoints.json')) -} +} { name: 'Deploy-Diagnostics-CognitiveServices' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_cognitiveservices.json')) -} +} { name: 'Deploy-Diagnostics-CosmosDB' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_cosmosdb.json')) -} +} { name: 'Deploy-Diagnostics-Databricks' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_databricks.json')) -} +} { name: 'Deploy-Diagnostics-DataExplorerCluster' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_dataexplorercluster.json')) -} +} { name: 'Deploy-Diagnostics-DataFactory' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_datafactory.json')) -} +} { name: 'Deploy-Diagnostics-DLAnalytics' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_dlanalytics.json')) -} +} { name: 'Deploy-Diagnostics-EventGridSub' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_eventgridsub.json')) -} +} { name: 'Deploy-Diagnostics-EventGridSystemTopic' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_eventgridsystemtopic.json')) -} +} { name: 'Deploy-Diagnostics-EventGridTopic' libDefinition: 
json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_eventgridtopic.json')) -} +} { name: 'Deploy-Diagnostics-ExpressRoute' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_expressroute.json')) -} +} { name: 'Deploy-Diagnostics-Firewall' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_firewall.json')) -} +} { name: 'Deploy-Diagnostics-FrontDoor' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_frontdoor.json')) -} +} { name: 'Deploy-Diagnostics-Function' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_function.json')) -} +} { name: 'Deploy-Diagnostics-HDInsight' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_hdinsight.json')) -} +} { name: 'Deploy-Diagnostics-iotHub' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_iothub.json')) -} +} { name: 'Deploy-Diagnostics-LoadBalancer' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_loadbalancer.json')) -} +} { name: 'Deploy-Diagnostics-LogicAppsISE' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_logicappsise.json')) -} +} { name: 'Deploy-Diagnostics-MariaDB' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_mariadb.json')) -} +} { name: 'Deploy-Diagnostics-MediaService' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_mediaservice.json')) -} +} { name: 'Deploy-Diagnostics-MlWorkspace' libDefinition: 
json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_mlworkspace.json')) -} +} { name: 'Deploy-Diagnostics-MySQL' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_mysql.json')) -} +} { name: 'Deploy-Diagnostics-NetworkSecurityGroups' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_networksecuritygroups.json')) -} +} { name: 'Deploy-Diagnostics-NIC' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_nic.json')) -} +} { name: 'Deploy-Diagnostics-PostgreSQL' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_postgresql.json')) -} +} { name: 'Deploy-Diagnostics-PowerBIEmbedded' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_powerbiembedded.json')) -} +} { name: 'Deploy-Diagnostics-RedisCache' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_rediscache.json')) -} +} { name: 'Deploy-Diagnostics-Relay' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_relay.json')) -} +} { name: 'Deploy-Diagnostics-SignalR' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_signalr.json')) -} +} { name: 'Deploy-Diagnostics-SQLElasticPools' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_sqlelasticpools.json')) -} +} { name: 'Deploy-Diagnostics-SQLMI' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_sqlmi.json')) -} +} { name: 'Deploy-Diagnostics-TimeSeriesInsights' libDefinition: 
json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_timeseriesinsights.json')) -} +} { name: 'Deploy-Diagnostics-TrafficManager' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_trafficmanager.json')) -} +} { name: 'Deploy-Diagnostics-VirtualNetwork' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_virtualnetwork.json')) -} +} { name: 'Deploy-Diagnostics-VM' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_vm.json')) -} +} { name: 'Deploy-Diagnostics-VMSS' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_vmss.json')) -} +} { name: 'Deploy-Diagnostics-VNetGW' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_vnetgw.json')) -} +} { name: 'Deploy-Diagnostics-WebServerFarm' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_webserverfarm.json')) -} +} { name: 'Deploy-Diagnostics-Website' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_website.json')) -} +} { name: 'Deploy-Diagnostics-WVDAppGroup' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_wvdappgroup.json')) -} +} { name: 'Deploy-Diagnostics-WVDHostPools' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_wvdhostpools.json')) -} +} { name: 'Deploy-Diagnostics-WVDWorkspace' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_diagnostics_wvdworkspace.json')) -} +} { name: 'Deploy-FirewallPolicy' libDefinition: 
json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_firewallpolicy.json')) -} +} { name: 'Deploy-MySQL-sslEnforcement' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_mysql_sslenforcement.json')) -} +} { name: 'Deploy-MySQLCMKEffect' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_mysqlcmkeffect.json')) -} +} { name: 'Deploy-Nsg-FlowLogs-to-LA' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_nsg_flowlogs_to_la.json')) -} +} { name: 'Deploy-Nsg-FlowLogs' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_nsg_flowlogs.json')) -} +} { name: 'Deploy-PostgreSQL-sslEnforcement' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_postgresql_sslenforcement.json')) -} +} { name: 'Deploy-PostgreSQLCMKEffect' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_postgresqlcmkeffect.json')) -} +} { name: 'Deploy-Private-DNS-Azure-File-Sync' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_private_dns_azure_file_sync.json')) -} +} { name: 'Deploy-Private-DNS-Azure-KeyVault' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_private_dns_azure_keyvault.json')) -} +} { name: 'Deploy-Private-DNS-Azure-Web' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_private_dns_azure_web.json')) -} +} { name: 'Deploy-Sql-AuditingSettings' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_sql_auditingsettings.json')) -} +} { name: 'Deploy-SQL-minTLS' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_sql_mintls.json')) -} +} { name: 
'Deploy-Sql-SecurityAlertPolicies' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_sql_securityalertpolicies.json')) -} +} { name: 'Deploy-Sql-Tde' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_sql_tde.json')) -} +} { name: 'Deploy-Sql-vulnerabilityAssessments' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_sql_vulnerabilityassessments.json')) -} +} { name: 'Deploy-SqlMi-minTLS' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_sqlmi_mintls.json')) -} +} { name: 'Deploy-Storage-sslEnforcement' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_storage_sslenforcement.json')) -} +} { name: 'Deploy-VNET-HubSpoke' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_vnet_hubspoke.json')) -} +} { name: 'Deploy-Windows-DomainJoin' libDefinition: json(loadTextContent('lib/china/policy_definitions/policy_definition_es_mc_deploy_windows_domainjoin.json')) -} +} diff --git a/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt b/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt index 8a7b20415..d6e981aeb 100644 --- a/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt +++ b/infra-as-code/bicep/modules/policy/definitions/lib/china/policy_set_definitions/_mc_policySetDefinitionsBicepInput.txt 
@@ -1,722 +1,742 @@ -{ - name: 'Deny-PublicPaaSEndpoints' - libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ACRDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).ACRDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'AFSDenyPaasPublicIP' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).AFSDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'AKSDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).AKSDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'BatchDenyPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).BatchDenyPublicIP.parameters - } - { - definitionReferenceId: 'CosmosDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).CosmosDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 
'KeyVaultDenyPaasPublicIP' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).KeyVaultDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'SqlServerDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).SqlServerDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'StorageDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).StorageDenyPaasPublicIP.parameters - } - ] -} -{ - name: 'Deploy-Diagnostics-LogAnalytics' - libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ACIDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ACIDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ACRDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ACRDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AKSDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AKSDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AnalysisServiceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'APIforFHIRDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'APIMgmtDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics' - 
definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AppServiceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AppServiceWebappDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AutomationDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AutomationDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'BastionDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).BastionDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'BatchDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).BatchDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'CDNEndpointsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'CognitiveServicesDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 
'CosmosDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).CosmosDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DatabricksDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataFactoryDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataLakeStoreDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'EventGridSubDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'EventGridTopicDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'EventHubDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventHubDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 
'EventSystemTopicDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ExpressRouteDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'FirewallDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).FirewallDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'FrontDoorDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'FunctionAppDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'HDInsightDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'IotHubDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).IotHubDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'KeyVaultDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'LoadBalancerDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'LogicAppsISEDeployDiagnosticLogDeployLogAnalytics' - 
definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'LogicAppsWFDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MariaDBDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MediaServiceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MlWorkspaceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MySQLDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MySQLDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'NetworkNICDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 
'PostgreSQLDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'RecoveryVaultDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'RedisCacheDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'RelayDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).RelayDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SearchServicesDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ServiceBusDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SignalRDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SignalRDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SQLDatabaseDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SQLMDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SQLMDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'StorageAccountDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'TrafficManagerDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'VirtualMachinesDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'VirtualNetworkDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'VMSSDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VMSSDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 
'VNetGWDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'WVDAppGroupDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters - } - ] -} -{ - name: 'Deploy-MDFC-Config' - libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ascExport' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).ascExport.parameters - } - { - definitionReferenceId: 'defenderForContainers' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).defenderForContainers.parameters - } - { - definitionReferenceId: 'defenderForSqlPaas' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).defenderForSqlPaas.parameters - } - { - definitionReferenceId: 'defenderForVM' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).defenderForVM.parameters - } - { - definitionReferenceId: 'securityEmailContact' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).securityEmailContact.parameters - } - ] -} -{ - name: 'Deploy-Private-DNS-Zones' - libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'Deploy-Private-DNS-Azure-File-Sync' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).Deploy-Private-DNS-Azure-File-Sync.parameters - } - { - definitionReferenceId: 'Deploy-Private-DNS-Azure-KeyVault' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).Deploy-Private-DNS-Azure-KeyVault.parameters - } - { - definitionReferenceId: 'Deploy-Private-DNS-Azure-Web' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).Deploy-Private-DNS-Azure-Web.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-ACR' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-ACR.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-App' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-App.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-AppServices' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-AppServices.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-Batch' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8' - 
definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-Batch.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveSearch' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-CognitiveSearch.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveServices' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-CognitiveServices.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-DiskAccess' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-DiskAccess.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridDomains' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-EventGridDomains.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridTopics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-EventGridTopics.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-EventHubNamespace' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-EventHubNamespace.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-IoT' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-IoT.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-IoTHubs' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-IoTHubs.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-MachineLearningWorkspace' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-MachineLearningWorkspace.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-RedisCache' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-RedisCache.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-ServiceBusNamespace' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-ServiceBusNamespace.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-SignalR' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-SignalR.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-Site-Recovery' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-Site-Recovery.parameters - } - ] -} -{ - name: 'Deploy-Sql-Security' - libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'SqlDbAuditingSettingsDeploySqlSecurity' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbAuditingSettingsDeploySqlSecurity.parameters - } - { - definitionReferenceId: 'SqlDbSecurityAlertPoliciesDeploySqlSecurity' - 
definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters - } - { - definitionReferenceId: 'SqlDbTdeDeploySqlSecurity' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbTdeDeploySqlSecurity.parameters - } - { - definitionReferenceId: 'SqlDbVulnerabilityAssessmentsDeploySqlSecurity' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters - } - ] -} -{ - name: 'Enforce-Encryption-CMK' - libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ACRCmkDeny' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).ACRCmkDeny.parameters - } - { - definitionReferenceId: 'AksCmkDeny' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).AksCmkDeny.parameters - } - { 
- definitionReferenceId: 'AzureBatchCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).AzureBatchCMKEffect.parameters - } - { - definitionReferenceId: 'CognitiveServicesCMK' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).CognitiveServicesCMK.parameters - } - { - definitionReferenceId: 'CosmosCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).CosmosCMKEffect.parameters - } - { - definitionReferenceId: 'DataBoxCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).DataBoxCMKEffect.parameters - } - { - definitionReferenceId: 'EncryptedVMDisksEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).EncryptedVMDisksEffect.parameters - } - { - definitionReferenceId: 'MySQLCMKEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).MySQLCMKEffect.parameters - } - { - definitionReferenceId: 'PostgreSQLCMKEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).PostgreSQLCMKEffect.parameters - } - { - definitionReferenceId: 'SqlServerTDECMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).SqlServerTDECMKEffect.parameters - } - { - definitionReferenceId: 'StorageCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).StorageCMKEffect.parameters - } - { - definitionReferenceId: 'StreamAnalyticsCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).StreamAnalyticsCMKEffect.parameters - } - { - definitionReferenceId: 'SynapseWorkspaceCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).SynapseWorkspaceCMKEffect.parameters - } - { - definitionReferenceId: 'WorkspaceCMK' - definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).WorkspaceCMK.parameters - } - ] -} -{ - name: 'Enforce-EncryptTransit' - libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'AKSIngressHttpsOnlyEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).AKSIngressHttpsOnlyEffect.parameters - } - { - definitionReferenceId: 'APIAppServiceHttpsEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).APIAppServiceHttpsEffect.parameters - } - { - definitionReferenceId: 'APIAppServiceLatestTlsEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).APIAppServiceLatestTlsEffect.parameters - } - { - definitionReferenceId: 'AppServiceHttpEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).AppServiceHttpEffect.parameters - } - { - definitionReferenceId: 'AppServiceminTlsVersion' - 
definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).AppServiceminTlsVersion.parameters - } - { - definitionReferenceId: 'FunctionLatestTlsEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).FunctionLatestTlsEffect.parameters - } - { - definitionReferenceId: 'FunctionServiceHttpsEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).FunctionServiceHttpsEffect.parameters - } - { - definitionReferenceId: 'MySQLEnableSSLDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).MySQLEnableSSLDeployEffect.parameters - } - { - definitionReferenceId: 'MySQLEnableSSLEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).MySQLEnableSSLEffect.parameters - } - { - definitionReferenceId: 'PostgreSQLEnableSSLDeployEffect' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLDeployEffect.parameters - } - { - definitionReferenceId: 'PostgreSQLEnableSSLEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLEffect.parameters - } - { - definitionReferenceId: 'RedisDenyhttps' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).RedisDenyhttps.parameters - } - { - definitionReferenceId: 'RedisdisableNonSslPort' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).RedisdisableNonSslPort.parameters - } - { - definitionReferenceId: 'RedisTLSDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).RedisTLSDeployEffect.parameters - } - { - definitionReferenceId: 'SQLManagedInstanceTLSDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS' - 
definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSDeployEffect.parameters - } - { - definitionReferenceId: 'SQLManagedInstanceTLSEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSEffect.parameters - } - { - definitionReferenceId: 'SQLServerTLSDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLServerTLSDeployEffect.parameters - } - { - definitionReferenceId: 'SQLServerTLSEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLServerTLSEffect.parameters - } - { - definitionReferenceId: 'StorageDeployHttpsEnabledEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).StorageDeployHttpsEnabledEffect.parameters - } - { - definitionReferenceId: 'StorageHttpsEnabledEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).StorageHttpsEnabledEffect.parameters - } - { - definitionReferenceId: 'WebAppServiceHttpsEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).WebAppServiceHttpsEffect.parameters - } - { - definitionReferenceId: 'WebAppServiceLatestTlsEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).WebAppServiceLatestTlsEffect.parameters - } - ] -} +var varCustomPolicySetDefinitionsArray = [ + { + name: 'Deny-PublicPaaSEndpoints' + libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ACRDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f' + definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.ACRDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'AFSDenyPaasPublicIP' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP' + definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.AFSDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'AKSDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8' + definitionParameters: 
varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.AKSDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'BatchDenyPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488' + definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.BatchDenyPublicIP.parameters + } + { + definitionReferenceId: 'CosmosDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a' + definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.CosmosDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'KeyVaultDenyPaasPublicIP' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP' + definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.KeyVaultDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'SqlServerDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780' + definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.SqlServerDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'StorageDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c' + definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.StorageDenyPaasPublicIP.parameters + } + ] + } + { + name: 'Deploy-Diagnostics-LogAnalytics' + libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ACIDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI' + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ACIDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'ACRDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ACRDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AKSDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AKSDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AnalysisServiceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'APIforFHIRDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'APIMgmtDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics' 
+ definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AppServiceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AppServiceWebappDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AutomationDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AutomationDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'BastionDeployDiagnosticLogDeployLogAnalytics' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.BastionDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'BatchDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.BatchDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'CDNEndpointsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'CognitiveServicesDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'CosmosDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.CosmosDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DatabricksDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks' + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataFactoryDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataLakeStoreDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventGridSubDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub' + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventGridTopicDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventHubDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventHubDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventSystemTopicDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'ExpressRouteDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'FirewallDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.FirewallDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + 
definitionReferenceId: 'FrontDoorDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'FunctionAppDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'HDInsightDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'IotHubDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.IotHubDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'KeyVaultDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'LoadBalancerDeployDiagnosticLogDeployLogAnalytics' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'LogicAppsISEDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'LogicAppsWFDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MariaDBDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MediaServiceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MlWorkspaceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace' + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MySQLDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MySQLDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'NetworkNICDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'PostgreSQLDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + 
definitionReferenceId: 'PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'RecoveryVaultDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'RedisCacheDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'RelayDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.RelayDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SearchServicesDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'ServiceBusDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e' + 
definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SignalRDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SignalRDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SQLDatabaseDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SQLMDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SQLMDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'StorageAccountDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 
'StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'TrafficManagerDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'VirtualMachinesDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'VirtualNetworkDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'VMSSDeployDiagnosticLogDeployLogAnalytics' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VMSSDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'VNetGWDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'WVDAppGroupDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace' + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters + } + ] + } + { + name: 'Deploy-MDFC-Config' + libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ascExport' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9' + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.ascExport.parameters + } + { + definitionReferenceId: 'defenderForContainers' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f' + 
definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.defenderForContainers.parameters + } + { + definitionReferenceId: 'defenderForSqlPaas' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491' + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.defenderForSqlPaas.parameters + } + { + definitionReferenceId: 'defenderForVM' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222' + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.defenderForVM.parameters + } + { + definitionReferenceId: 'securityEmailContact' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts' + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.securityEmailContact.parameters + } + ] + } + { + name: 'Deploy-Private-DNS-Zones' + libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'Deploy-Private-DNS-Azure-File-Sync' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['Deploy-Private-DNS-Azure-File-Sync'].parameters + } + { + definitionReferenceId: 'Deploy-Private-DNS-Azure-KeyVault' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['Deploy-Private-DNS-Azure-KeyVault'].parameters + } + { + definitionReferenceId: 'Deploy-Private-DNS-Azure-Web' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['Deploy-Private-DNS-Azure-Web'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-ACR' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ACR'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-App' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-App'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-AppServices' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-AppServices'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-Batch' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Batch'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveSearch' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveSearch'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveServices' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091' + definitionParameters: 
varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveServices'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-DiskAccess' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-DiskAccess'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridDomains' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridDomains'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridTopics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridTopics'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-EventHubNamespace' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventHubNamespace'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-IoT' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoT'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-IoTHubs' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoTHubs'].parameters + } + { + 
definitionReferenceId: 'DINE-Private-DNS-Azure-MachineLearningWorkspace' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-MachineLearningWorkspace'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-RedisCache' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-RedisCache'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-ServiceBusNamespace' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ServiceBusNamespace'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-SignalR' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-SignalR'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-Site-Recovery' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2' + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Site-Recovery'].parameters + } + ] + } + { + name: 'Deploy-Sql-Security' + libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'SqlDbAuditingSettingsDeploySqlSecurity' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings' + 
definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbAuditingSettingsDeploySqlSecurity.parameters + } + { + definitionReferenceId: 'SqlDbSecurityAlertPoliciesDeploySqlSecurity' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies' + definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters + } + { + definitionReferenceId: 'SqlDbTdeDeploySqlSecurity' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde' + definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbTdeDeploySqlSecurity.parameters + } + { + definitionReferenceId: 'SqlDbVulnerabilityAssessmentsDeploySqlSecurity' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments' + definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters + } + ] + } + { + name: 'Enforce-Encryption-CMK' + libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ACRCmkDeny' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.ACRCmkDeny.parameters + } + { + definitionReferenceId: 'AksCmkDeny' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.AksCmkDeny.parameters + } + { + definitionReferenceId: 'AzureBatchCMKEffect' + definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.AzureBatchCMKEffect.parameters + } + { + definitionReferenceId: 'CognitiveServicesCMK' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.CognitiveServicesCMK.parameters + } + { + definitionReferenceId: 'CosmosCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.CosmosCMKEffect.parameters + } + { + definitionReferenceId: 'DataBoxCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.DataBoxCMKEffect.parameters + } + { + definitionReferenceId: 'EncryptedVMDisksEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.EncryptedVMDisksEffect.parameters + } + { + definitionReferenceId: 'MySQLCMKEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.MySQLCMKEffect.parameters + } + { + definitionReferenceId: 'PostgreSQLCMKEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.PostgreSQLCMKEffect.parameters + } + { + definitionReferenceId: 'SqlServerTDECMKEffect' + definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.SqlServerTDECMKEffect.parameters + } + { + definitionReferenceId: 'StorageCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.StorageCMKEffect.parameters + } + { + definitionReferenceId: 'StreamAnalyticsCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.StreamAnalyticsCMKEffect.parameters + } + { + definitionReferenceId: 'SynapseWorkspaceCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.SynapseWorkspaceCMKEffect.parameters + } + { + definitionReferenceId: 'WorkspaceCMK' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.WorkspaceCMK.parameters + } + ] + } + { + name: 'Enforce-EncryptTransit' + libSetDefinition: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'AKSIngressHttpsOnlyEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.AKSIngressHttpsOnlyEffect.parameters + } + { + definitionReferenceId: 'APIAppServiceHttpsEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http' + 
definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.APIAppServiceHttpsEffect.parameters + } + { + definitionReferenceId: 'APIAppServiceLatestTlsEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.APIAppServiceLatestTlsEffect.parameters + } + { + definitionReferenceId: 'AppServiceHttpEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.AppServiceHttpEffect.parameters + } + { + definitionReferenceId: 'AppServiceminTlsVersion' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.AppServiceminTlsVersion.parameters + } + { + definitionReferenceId: 'FunctionLatestTlsEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.FunctionLatestTlsEffect.parameters + } + { + definitionReferenceId: 'FunctionServiceHttpsEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.FunctionServiceHttpsEffect.parameters + } + { + definitionReferenceId: 'MySQLEnableSSLDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.MySQLEnableSSLDeployEffect.parameters + } + { + definitionReferenceId: 
'MySQLEnableSSLEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.MySQLEnableSSLEffect.parameters + } + { + definitionReferenceId: 'PostgreSQLEnableSSLDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.PostgreSQLEnableSSLDeployEffect.parameters + } + { + definitionReferenceId: 'PostgreSQLEnableSSLEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.PostgreSQLEnableSSLEffect.parameters + } + { + definitionReferenceId: 'RedisDenyhttps' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.RedisDenyhttps.parameters + } + { + definitionReferenceId: 'RedisdisableNonSslPort' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.RedisdisableNonSslPort.parameters + } + { + definitionReferenceId: 'RedisTLSDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.RedisTLSDeployEffect.parameters + } + { + definitionReferenceId: 'SQLManagedInstanceTLSDeployEffect' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLManagedInstanceTLSDeployEffect.parameters + } + { + definitionReferenceId: 'SQLManagedInstanceTLSEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLManagedInstanceTLSEffect.parameters + } + { + definitionReferenceId: 'SQLServerTLSDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLServerTLSDeployEffect.parameters + } + { + definitionReferenceId: 'SQLServerTLSEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLServerTLSEffect.parameters + } + { + definitionReferenceId: 'StorageDeployHttpsEnabledEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.StorageDeployHttpsEnabledEffect.parameters + } + { + definitionReferenceId: 'StorageHttpsEnabledEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.StorageHttpsEnabledEffect.parameters + } + { + definitionReferenceId: 'WebAppServiceHttpsEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http' + definitionParameters: 
varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.WebAppServiceHttpsEffect.parameters + } + { + definitionReferenceId: 'WebAppServiceLatestTlsEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b' + definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.WebAppServiceLatestTlsEffect.parameters + } + ] + } +] + + +// Policy Set/Initiative Definition Parameter Variables + +var varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json') + +var varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json') + +var varPolicySetDefinitionEsMcDeployMdfcConfigParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json') + +var varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json') + +var varPolicySetDefinitionEsMcDeploySqlSecurityParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json') + +var varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json') + +var varPolicySetDefinitionEsMcEnforceEncrypttransitParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json') + 
diff --git a/infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt b/infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt
index f5e7e1653..53e0fedf5 100644
--- a/infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt
+++ b/infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt
@@ -1,424 +1,424 @@ { name: 'Append-AppService-httpsonly' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_append_appservice_httpsonly.json')) -} +} { name: 'Append-AppService-latestTLS' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_append_appservice_latesttls.json')) -} +} { name: 'Append-KV-SoftDelete' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_append_kv_softdelete.json')) -} +} { name: 'Append-Redis-disableNonSslPort' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_append_redis_disablenonsslport.json')) -} +} { name: 'Append-Redis-sslEnforcement' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_append_redis_sslenforcement.json')) -} +} { name: 'Audit-MachineLearning-PrivateEndpointId' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_audit_machinelearning_privateendpointid.json')) -} +} { name: 'Deny-AA-child-resources' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_aa_child_resources.json')) -} +} { name: 'Deny-AppGW-Without-WAF' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_appgw_without_waf.json')) -} +} { name: 'Deny-AppServiceApiApp-http' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_appserviceapiapp_http.json')) -} +} { name: 'Deny-AppServiceFunctionApp-http' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_appservicefunctionapp_http.json')) -} +} { name: 'Deny-AppServiceWebApp-http' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_appservicewebapp_http.json')) -} +} { name: 'Deny-Databricks-NoPublicIp' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_databricks_nopublicip.json')) -} +} { name: 'Deny-Databricks-Sku' libDefinition: 
json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_databricks_sku.json')) -} +} { name: 'Deny-Databricks-VirtualNetwork' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_databricks_virtualnetwork.json')) -} +} { name: 'Deny-MachineLearning-Aks' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_aks.json')) -} +} { name: 'Deny-MachineLearning-Compute-SubnetId' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_compute_subnetid.json')) -} +} { name: 'Deny-MachineLearning-Compute-VmSize' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_compute_vmsize.json')) -} +} { name: 'Deny-MachineLearning-ComputeCluster-RemoteLoginPortPublicAccess' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_computecluster_remoteloginportpublicaccess.json')) -} +} { name: 'Deny-MachineLearning-ComputeCluster-Scale' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_computecluster_scale.json')) -} +} { name: 'Deny-MachineLearning-HbiWorkspace' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_hbiworkspace.json')) -} +} { name: 'Deny-MachineLearning-PublicAccessWhenBehindVnet' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_publicaccesswhenbehindvnet.json')) -} +} { name: 'Deny-MachineLearning-PublicNetworkAccess' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_machinelearning_publicnetworkaccess.json')) -} +} { name: 'Deny-MySql-http' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_mysql_http.json')) -} +} { name: 'Deny-PostgreSql-http' libDefinition: 
json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_postgresql_http.json')) -} +} { name: 'Deny-Private-DNS-Zones' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_private_dns_zones.json')) -} +} { name: 'Deny-PublicEndpoint-MariaDB' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_publicendpoint_mariadb.json')) -} +} { name: 'Deny-PublicIP' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_publicip.json')) -} +} { name: 'Deny-RDP-From-Internet' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_rdp_from_internet.json')) -} +} { name: 'Deny-Redis-http' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_redis_http.json')) -} +} { name: 'Deny-Sql-minTLS' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_sql_mintls.json')) -} +} { name: 'Deny-SqlMi-minTLS' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_sqlmi_mintls.json')) -} +} { name: 'Deny-Storage-minTLS' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_storage_mintls.json')) -} +} { name: 'Deny-Subnet-Without-Nsg' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_subnet_without_nsg.json')) -} +} { name: 'Deny-Subnet-Without-Udr' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_subnet_without_udr.json')) -} +} { name: 'Deny-VNET-Peer-Cross-Sub' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_vnet_peer_cross_sub.json')) -} +} { name: 'Deny-VNET-Peering-To-Non-Approved-VNETs' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_vnet_peering_to_non_approved_vnets.json')) -} +} { name: 'Deny-VNet-Peering' libDefinition: 
json(loadTextContent('lib/policy_definitions/policy_definition_es_deny_vnet_peering.json')) -} +} { name: 'Deploy-ASC-SecurityContacts' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_asc_securitycontacts.json')) -} +} { name: 'Deploy-Budget' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_budget.json')) -} +} { name: 'Deploy-Custom-Route-Table' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_custom_route_table.json')) -} +} { name: 'Deploy-DDoSProtection' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_ddosprotection.json')) -} +} { name: 'Deploy-Diagnostics-AA' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_aa.json')) -} +} { name: 'Deploy-Diagnostics-ACI' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_aci.json')) -} +} { name: 'Deploy-Diagnostics-ACR' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_acr.json')) -} +} { name: 'Deploy-Diagnostics-AnalysisService' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_analysisservice.json')) -} +} { name: 'Deploy-Diagnostics-ApiForFHIR' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_apiforfhir.json')) -} +} { name: 'Deploy-Diagnostics-APIMgmt' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_apimgmt.json')) -} +} { name: 'Deploy-Diagnostics-ApplicationGateway' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_applicationgateway.json')) -} +} { name: 'Deploy-Diagnostics-AVDScalingPlans' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_avdscalingplans.json')) 
-} +} { name: 'Deploy-Diagnostics-Bastion' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_bastion.json')) -} +} { name: 'Deploy-Diagnostics-CDNEndpoints' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_cdnendpoints.json')) -} +} { name: 'Deploy-Diagnostics-CognitiveServices' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_cognitiveservices.json')) -} +} { name: 'Deploy-Diagnostics-CosmosDB' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_cosmosdb.json')) -} +} { name: 'Deploy-Diagnostics-Databricks' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_databricks.json')) -} +} { name: 'Deploy-Diagnostics-DataExplorerCluster' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_dataexplorercluster.json')) -} +} { name: 'Deploy-Diagnostics-DataFactory' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_datafactory.json')) -} +} { name: 'Deploy-Diagnostics-DLAnalytics' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_dlanalytics.json')) -} +} { name: 'Deploy-Diagnostics-EventGridSub' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventgridsub.json')) -} +} { name: 'Deploy-Diagnostics-EventGridSystemTopic' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventgridsystemtopic.json')) -} +} { name: 'Deploy-Diagnostics-EventGridTopic' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_eventgridtopic.json')) -} +} { name: 'Deploy-Diagnostics-ExpressRoute' libDefinition: 
json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_expressroute.json')) -} +} { name: 'Deploy-Diagnostics-Firewall' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_firewall.json')) -} +} { name: 'Deploy-Diagnostics-FrontDoor' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_frontdoor.json')) -} +} { name: 'Deploy-Diagnostics-Function' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_function.json')) -} +} { name: 'Deploy-Diagnostics-HDInsight' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_hdinsight.json')) -} +} { name: 'Deploy-Diagnostics-iotHub' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_iothub.json')) -} +} { name: 'Deploy-Diagnostics-LoadBalancer' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_loadbalancer.json')) -} +} { name: 'Deploy-Diagnostics-LogicAppsISE' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_logicappsise.json')) -} +} { name: 'Deploy-Diagnostics-MariaDB' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_mariadb.json')) -} +} { name: 'Deploy-Diagnostics-MediaService' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_mediaservice.json')) -} +} { name: 'Deploy-Diagnostics-MlWorkspace' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_mlworkspace.json')) -} +} { name: 'Deploy-Diagnostics-MySQL' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_mysql.json')) -} +} { name: 'Deploy-Diagnostics-NetworkSecurityGroups' libDefinition: 
json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_networksecuritygroups.json')) -} +} { name: 'Deploy-Diagnostics-NIC' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_nic.json')) -} +} { name: 'Deploy-Diagnostics-PostgreSQL' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_postgresql.json')) -} +} { name: 'Deploy-Diagnostics-PowerBIEmbedded' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_powerbiembedded.json')) -} +} { name: 'Deploy-Diagnostics-RedisCache' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_rediscache.json')) -} +} { name: 'Deploy-Diagnostics-Relay' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_relay.json')) -} +} { name: 'Deploy-Diagnostics-SignalR' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_signalr.json')) -} +} { name: 'Deploy-Diagnostics-SQLElasticPools' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqlelasticpools.json')) -} +} { name: 'Deploy-Diagnostics-SQLMI' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_sqlmi.json')) -} +} { name: 'Deploy-Diagnostics-TimeSeriesInsights' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_timeseriesinsights.json')) -} +} { name: 'Deploy-Diagnostics-TrafficManager' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_trafficmanager.json')) -} +} { name: 'Deploy-Diagnostics-VirtualNetwork' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_virtualnetwork.json')) -} +} { name: 'Deploy-Diagnostics-VM' libDefinition: 
json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_vm.json')) -} +} { name: 'Deploy-Diagnostics-VMSS' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_vmss.json')) -} +} { name: 'Deploy-Diagnostics-VNetGW' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_vnetgw.json')) -} +} { name: 'Deploy-Diagnostics-WebServerFarm' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_webserverfarm.json')) -} +} { name: 'Deploy-Diagnostics-Website' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_website.json')) -} +} { name: 'Deploy-Diagnostics-WVDAppGroup' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_wvdappgroup.json')) -} +} { name: 'Deploy-Diagnostics-WVDHostPools' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_wvdhostpools.json')) -} +} { name: 'Deploy-Diagnostics-WVDWorkspace' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_diagnostics_wvdworkspace.json')) -} +} { name: 'Deploy-FirewallPolicy' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_firewallpolicy.json')) -} +} { name: 'Deploy-MySQL-sslEnforcement' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_mysql_sslenforcement.json')) -} +} { name: 'Deploy-Nsg-FlowLogs-to-LA' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_nsg_flowlogs_to_la.json')) -} +} { name: 'Deploy-Nsg-FlowLogs' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_nsg_flowlogs.json')) -} +} { name: 'Deploy-PostgreSQL-sslEnforcement' libDefinition: 
json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_postgresql_sslenforcement.json')) -} +} { name: 'Deploy-Sql-AuditingSettings' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_sql_auditingsettings.json')) -} +} { name: 'Deploy-SQL-minTLS' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_sql_mintls.json')) -} +} { name: 'Deploy-Sql-SecurityAlertPolicies' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_sql_securityalertpolicies.json')) -} +} { name: 'Deploy-Sql-Tde' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_sql_tde.json')) -} +} { name: 'Deploy-Sql-vulnerabilityAssessments' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_sql_vulnerabilityassessments.json')) -} +} { name: 'Deploy-SqlMi-minTLS' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_sqlmi_mintls.json')) -} +} { name: 'Deploy-Storage-sslEnforcement' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_storage_sslenforcement.json')) -} +} { name: 'Deploy-VNET-HubSpoke' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_vnet_hubspoke.json')) -} +} { name: 'Deploy-Windows-DomainJoin' libDefinition: json(loadTextContent('lib/policy_definitions/policy_definition_es_deploy_windows_domainjoin.json')) -} +} diff --git a/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt b/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt index ba146bc98..294713850 100644 --- a/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt 
+++ b/infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt 
@@ -1,777 +1,797 @@ -{ - name: 'Deny-PublicPaaSEndpoints' - libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ACRDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).ACRDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'AFSDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).AFSDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'AKSDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).AKSDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'BatchDenyPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).BatchDenyPublicIP.parameters - } - { - definitionReferenceId: 'CosmosDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).CosmosDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'KeyVaultDenyPaasPublicIP' - definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).KeyVaultDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'MySQLFlexDenyPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).MySQLFlexDenyPublicIP.parameters - } - { - definitionReferenceId: 'PostgreSQLFlexDenyPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).PostgreSQLFlexDenyPublicIP.parameters - } - { - definitionReferenceId: 'SqlServerDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).SqlServerDenyPaasPublicIP.parameters - } - { - definitionReferenceId: 'StorageDenyPaasPublicIP' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json')).StorageDenyPaasPublicIP.parameters - } - ] -} -{ - name: 'Deploy-Diagnostics-LogAnalytics' - libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ACIDeployDiagnosticLogDeployLogAnalytics' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ACIDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ACRDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ACRDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AKSDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AKSDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AnalysisServiceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'APIforFHIRDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - 
definitionReferenceId: 'APIMgmtDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AppServiceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AppServiceWebappDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AutomationDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AutomationDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'BastionDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).BastionDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'BatchDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).BatchDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'CDNEndpointsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'CognitiveServicesDeployDiagnosticLogDeployLogAnalytics' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'CosmosDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).CosmosDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DatabricksDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataFactoryDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'DataLakeStoreDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'EventGridSubDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'EventGridTopicDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'EventHubDeployDiagnosticLogDeployLogAnalytics' - 
definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventHubDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'EventSystemTopicDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ExpressRouteDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'FirewallDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).FirewallDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'FrontDoorDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'FunctionAppDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'HDInsightDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'IotHubDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).IotHubDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'KeyVaultDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'LoadBalancerDeployDiagnosticLogDeployLogAnalytics' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'LogicAppsISEDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'LogicAppsWFDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MariaDBDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MediaServiceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MlWorkspaceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'MySQLDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).MySQLDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'NetworkNICDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'PostgreSQLDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'RecoveryVaultDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'RedisCacheDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'RelayDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).RelayDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SearchServicesDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'ServiceBusDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SignalRDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SignalRDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SQLDatabaseDeployDiagnosticLogDeployLogAnalytics' - definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'SQLMDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).SQLMDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'StorageAccountDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - 
definitionReferenceId: 'TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'TrafficManagerDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'VirtualMachinesDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'VirtualNetworkDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'VMSSDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VMSSDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'VNetGWDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'WVDAppGroupDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters - } - { - definitionReferenceId: 'WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json')).WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters - } - ] -} -{ - name: 'Deploy-MDFC-Config' - libSetDefinition: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ascExport' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).ascExport.parameters - } - { - definitionReferenceId: 'defenderForAppServices' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForAppServices.parameters - } - { - definitionReferenceId: 'defenderForArm' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForArm.parameters - } - { - definitionReferenceId: 'defenderforContainers' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderforContainers.parameters - } - { - definitionReferenceId: 'defenderForDns' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForDns.parameters - } - { - definitionReferenceId: 'defenderForKeyVaults' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForKeyVaults.parameters - } - { - definitionReferenceId: 'defenderForOssDb' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForOssDb.parameters - } - { - definitionReferenceId: 'defenderForSqlPaas' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForSqlPaas.parameters - } - { - definitionReferenceId: 'defenderForSqlServerVirtualMachines' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForSqlServerVirtualMachines.parameters - } - { - definitionReferenceId: 'defenderForStorageAccounts' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForStorageAccounts.parameters - } - { - definitionReferenceId: 'defenderForVM' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).defenderForVM.parameters - } - { - definitionReferenceId: 'securityEmailContact' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json')).securityEmailContact.parameters - } - ] -} -{ - name: 'Deploy-Private-DNS-Zones' - libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'DINE-Private-DNS-Azure-ACR' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-ACR.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-App' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-App.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-AppServices' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-AppServices.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-Batch' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-Batch.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveSearch' - definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-CognitiveSearch.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveServices' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-CognitiveServices.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-DiskAccess' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-DiskAccess.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridDomains' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-EventGridDomains.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridTopics' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-EventGridTopics.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-EventHubNamespace' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-EventHubNamespace.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-File-Sync' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-File-Sync.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-IoT' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-IoT.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-IoTHubs' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-IoTHubs.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-KeyVault' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-KeyVault.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-MachineLearningWorkspace' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-MachineLearningWorkspace.parameters - } - { 
- definitionReferenceId: 'DINE-Private-DNS-Azure-RedisCache' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-RedisCache.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-ServiceBusNamespace' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-ServiceBusNamespace.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-SignalR' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-SignalR.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-Site-Recovery' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-Site-Recovery.parameters - } - { - definitionReferenceId: 'DINE-Private-DNS-Azure-Web' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json')).DINE-Private-DNS-Azure-Web.parameters - } - ] -} -{ - name: 'Deploy-Sql-Security' - libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.json')) - 
libSetChildDefinitions: [ - { - definitionReferenceId: 'SqlDbAuditingSettingsDeploySqlSecurity' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbAuditingSettingsDeploySqlSecurity.parameters - } - { - definitionReferenceId: 'SqlDbSecurityAlertPoliciesDeploySqlSecurity' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters - } - { - definitionReferenceId: 'SqlDbTdeDeploySqlSecurity' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbTdeDeploySqlSecurity.parameters - } - { - definitionReferenceId: 'SqlDbVulnerabilityAssessmentsDeploySqlSecurity' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json')).SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters - } - ] -} -{ - name: 'Enforce-Encryption-CMK' - libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'ACRCmkDeny' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).ACRCmkDeny.parameters - } - { - definitionReferenceId: 'AksCmkDeny' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).AksCmkDeny.parameters - } - { - definitionReferenceId: 'AzureBatchCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).AzureBatchCMKEffect.parameters - } - { - definitionReferenceId: 'CognitiveServicesCMK' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).CognitiveServicesCMK.parameters - } - { - definitionReferenceId: 'CosmosCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).CosmosCMKEffect.parameters - } - { - definitionReferenceId: 'DataBoxCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).DataBoxCMKEffect.parameters - } - { - definitionReferenceId: 'EncryptedVMDisksEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).EncryptedVMDisksEffect.parameters - } - { - definitionReferenceId: 'HealthcareAPIsCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).HealthcareAPIsCMKEffect.parameters - } - { - definitionReferenceId: 'MySQLCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).MySQLCMKEffect.parameters - } - { - definitionReferenceId: 'PostgreSQLCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).PostgreSQLCMKEffect.parameters - } - { - definitionReferenceId: 'SqlServerTDECMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).SqlServerTDECMKEffect.parameters - } - { - definitionReferenceId: 'StorageCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).StorageCMKEffect.parameters - } - { - definitionReferenceId: 'StreamAnalyticsCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7' - 
definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).StreamAnalyticsCMKEffect.parameters - } - { - definitionReferenceId: 'SynapseWorkspaceCMKEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).SynapseWorkspaceCMKEffect.parameters - } - { - definitionReferenceId: 'WorkspaceCMK' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json')).WorkspaceCMK.parameters - } - ] -} -{ - name: 'Enforce-EncryptTransit' - libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.json')) - libSetChildDefinitions: [ - { - definitionReferenceId: 'AKSIngressHttpsOnlyEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).AKSIngressHttpsOnlyEffect.parameters - } - { - definitionReferenceId: 'APIAppServiceHttpsEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).APIAppServiceHttpsEffect.parameters - } - { - definitionReferenceId: 'APIAppServiceLatestTlsEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).APIAppServiceLatestTlsEffect.parameters - } - { - definitionReferenceId: 'AppServiceHttpEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).AppServiceHttpEffect.parameters - } - { - definitionReferenceId: 'AppServiceminTlsVersion' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).AppServiceminTlsVersion.parameters - } - { - definitionReferenceId: 'FunctionLatestTlsEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).FunctionLatestTlsEffect.parameters - } - { - definitionReferenceId: 'FunctionServiceHttpsEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).FunctionServiceHttpsEffect.parameters - } - { - definitionReferenceId: 'MySQLEnableSSLDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).MySQLEnableSSLDeployEffect.parameters - } - { - 
definitionReferenceId: 'MySQLEnableSSLEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).MySQLEnableSSLEffect.parameters - } - { - definitionReferenceId: 'PostgreSQLEnableSSLDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLDeployEffect.parameters - } - { - definitionReferenceId: 'PostgreSQLEnableSSLEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLEffect.parameters - } - { - definitionReferenceId: 'RedisDenyhttps' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).RedisDenyhttps.parameters - } - { - definitionReferenceId: 'RedisdisableNonSslPort' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).RedisdisableNonSslPort.parameters - } - { - definitionReferenceId: 'RedisTLSDeployEffect' - definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).RedisTLSDeployEffect.parameters - } - { - definitionReferenceId: 'SQLManagedInstanceTLSDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSDeployEffect.parameters - } - { - definitionReferenceId: 'SQLManagedInstanceTLSEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSEffect.parameters - } - { - definitionReferenceId: 'SQLServerTLSDeployEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLServerTLSDeployEffect.parameters - } - { - definitionReferenceId: 'SQLServerTLSEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).SQLServerTLSEffect.parameters - } - { - definitionReferenceId: 'StorageDeployHttpsEnabledEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement' - definitionParameters: 
json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).StorageDeployHttpsEnabledEffect.parameters - } - { - definitionReferenceId: 'StorageHttpsEnabledEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).StorageHttpsEnabledEffect.parameters - } - { - definitionReferenceId: 'WebAppServiceHttpsEffect' - definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).WebAppServiceHttpsEffect.parameters - } - { - definitionReferenceId: 'WebAppServiceLatestTlsEffect' - definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b' - definitionParameters: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json')).WebAppServiceLatestTlsEffect.parameters - } - ] -} +var varCustomPolicySetDefinitionsArray = [ + { + name: 'Deny-PublicPaaSEndpoints' + libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ACRDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.ACRDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'AFSDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/21a8cd35-125e-4d13-b82d-2e19b7208bb7' + definitionParameters: 
varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.AFSDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'AKSDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.AKSDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'BatchDenyPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.BatchDenyPublicIP.parameters + } + { + definitionReferenceId: 'CosmosDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.CosmosDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'KeyVaultDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.KeyVaultDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'MySQLFlexDenyPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9299215-ae47-4f50-9c54-8a392f68a052' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.MySQLFlexDenyPublicIP.parameters + } + { + definitionReferenceId: 'PostgreSQLFlexDenyPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5e1de0e3-42cb-4ebc-a86d-61d0c619ca48' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.PostgreSQLFlexDenyPublicIP.parameters + } + { + definitionReferenceId: 'SqlServerDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780' + definitionParameters: 
varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.SqlServerDenyPaasPublicIP.parameters + } + { + definitionReferenceId: 'StorageDenyPaasPublicIP' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c' + definitionParameters: varPolicySetDefinitionEsDenyPublicpaasendpointsParameters.StorageDenyPaasPublicIP.parameters + } + ] + } + { + name: 'Deploy-Diagnostics-LogAnalytics' + libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ACIDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ACIDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'ACRDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ACRDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AKSDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AKSDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AnalysisServiceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters + } 
+ { + definitionReferenceId: 'APIforFHIRDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'APIMgmtDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AppServiceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AppServiceWebappDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AutomationDeployDiagnosticLogDeployLogAnalytics' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AutomationDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.AVDScalingPlansDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'BastionDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.BastionDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'BatchDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.BatchDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'CDNEndpointsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'CognitiveServicesDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices' + definitionParameters: 
varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'CosmosDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.CosmosDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DatabricksDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataFactoryDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics' + definitionParameters: 
varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'DataLakeStoreDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventGridSubDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventGridTopicDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventHubDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventHubDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'EventSystemTopicDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 
'ExpressRouteDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'FirewallDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.FirewallDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'FrontDoorDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'FunctionAppDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'HDInsightDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'IotHubDeployDiagnosticLogDeployLogAnalytics' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.IotHubDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'KeyVaultDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'LoadBalancerDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'LogicAppsISEDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'LogicAppsWFDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MariaDBDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB' + definitionParameters: 
varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MediaServiceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MlWorkspaceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'MySQLDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.MySQLDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'NetworkNICDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 
'NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'PostgreSQLDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'RecoveryVaultDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'RedisCacheDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'RelayDeployDiagnosticLogDeployLogAnalytics' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.RelayDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SearchServicesDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'ServiceBusDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SignalRDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SignalRDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SQLDatabaseDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools' + definitionParameters: 
varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'SQLMDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.SQLMDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'StorageAccountDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'TrafficManagerDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 
'VirtualMachinesDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'VirtualNetworkDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'VMSSDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VMSSDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'VNetGWDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'WVDAppGroupDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.WVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters + } + { + definitionReferenceId: 'WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace' + definitionParameters: varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters.WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters + } + ] + } + { + name: 'Deploy-MDFC-Config' + libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ascExport' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.ascExport.parameters + } + { + definitionReferenceId: 'defenderForAppServices' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForAppServices.parameters + } + { + definitionReferenceId: 'defenderForArm' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b7021b2b-08fd-4dc0-9de7-3c6ece09faf9' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForArm.parameters + } + { + definitionReferenceId: 'defenderforContainers' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderforContainers.parameters + } + { + definitionReferenceId: 'defenderForDns' + definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/2370a3c1-4a25-4283-a91a-c9c1a145fb2f' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForDns.parameters + } + { + definitionReferenceId: 'defenderForKeyVaults' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f725891-01c0-420a-9059-4fa46cb770b7' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForKeyVaults.parameters + } + { + definitionReferenceId: 'defenderForOssDb' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/44433aa3-7ec2-4002-93ea-65c65ff0310a' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForOssDb.parameters + } + { + definitionReferenceId: 'defenderForSqlPaas' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForSqlPaas.parameters + } + { + definitionReferenceId: 'defenderForSqlServerVirtualMachines' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/50ea7265-7d8c-429e-9a7d-ca1f410191c3' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForSqlServerVirtualMachines.parameters + } + { + definitionReferenceId: 'defenderForStorageAccounts' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c30959-af11-47b3-9ed2-a26e03f427a3' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForStorageAccounts.parameters + } + { + definitionReferenceId: 'defenderForVM' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.defenderForVM.parameters + } + { + definitionReferenceId: 'securityEmailContact' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts' + definitionParameters: varPolicySetDefinitionEsDeployMdfcConfigParameters.securityEmailContact.parameters + } + ] + } + { + name: 'Deploy-Private-DNS-Zones' + libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'DINE-Private-DNS-Azure-ACR' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ACR'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-App' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-App'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-AppServices' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-AppServices'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-Batch' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Batch'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveSearch' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveSearch'].parameters + } + { + definitionReferenceId: 
'DINE-Private-DNS-Azure-CognitiveServices' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveServices'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-DiskAccess' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-DiskAccess'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridDomains' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridDomains'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridTopics' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridTopics'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-EventHubNamespace' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventHubNamespace'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-File-Sync' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-File-Sync'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-IoT' + definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoT'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-IoTHubs' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoTHubs'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-KeyVault' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-KeyVault'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-MachineLearningWorkspace' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-MachineLearningWorkspace'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-RedisCache' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-RedisCache'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-ServiceBusNamespace' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ServiceBusNamespace'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-SignalR' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e' + definitionParameters: 
varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-SignalR'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-Site-Recovery' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Site-Recovery'].parameters + } + { + definitionReferenceId: 'DINE-Private-DNS-Azure-Web' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0b026355-49cb-467b-8ac4-f777874e175a' + definitionParameters: varPolicySetDefinitionEsDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Web'].parameters + } + ] + } + { + name: 'Deploy-Sql-Security' + libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'SqlDbAuditingSettingsDeploySqlSecurity' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings' + definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbAuditingSettingsDeploySqlSecurity.parameters + } + { + definitionReferenceId: 'SqlDbSecurityAlertPoliciesDeploySqlSecurity' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies' + definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters + } + { + definitionReferenceId: 'SqlDbTdeDeploySqlSecurity' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde' + definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbTdeDeploySqlSecurity.parameters + } + { + definitionReferenceId: 'SqlDbVulnerabilityAssessmentsDeploySqlSecurity' + definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments' + definitionParameters: varPolicySetDefinitionEsDeploySqlSecurityParameters.SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters + } + ] + } + { + name: 'Enforce-Encryption-CMK' + libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'ACRCmkDeny' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.ACRCmkDeny.parameters + } + { + definitionReferenceId: 'AksCmkDeny' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.AksCmkDeny.parameters + } + { + definitionReferenceId: 'AzureBatchCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.AzureBatchCMKEffect.parameters + } + { + definitionReferenceId: 'CognitiveServicesCMK' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.CognitiveServicesCMK.parameters + } + { + definitionReferenceId: 'CosmosCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.CosmosCMKEffect.parameters + } + { + definitionReferenceId: 'DataBoxCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae' + definitionParameters: 
varPolicySetDefinitionEsEnforceEncryptionCmkParameters.DataBoxCMKEffect.parameters + } + { + definitionReferenceId: 'EncryptedVMDisksEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.EncryptedVMDisksEffect.parameters + } + { + definitionReferenceId: 'HealthcareAPIsCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/051cba44-2429-45b9-9649-46cec11c7119' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.HealthcareAPIsCMKEffect.parameters + } + { + definitionReferenceId: 'MySQLCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/83cef61d-dbd1-4b20-a4fc-5fbc7da10833' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.MySQLCMKEffect.parameters + } + { + definitionReferenceId: 'PostgreSQLCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/18adea5e-f416-4d0f-8aa8-d24321e3e274' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.PostgreSQLCMKEffect.parameters + } + { + definitionReferenceId: 'SqlServerTDECMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.SqlServerTDECMKEffect.parameters + } + { + definitionReferenceId: 'StorageCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.StorageCMKEffect.parameters + } + { + definitionReferenceId: 'StreamAnalyticsCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7' + definitionParameters: 
varPolicySetDefinitionEsEnforceEncryptionCmkParameters.StreamAnalyticsCMKEffect.parameters + } + { + definitionReferenceId: 'SynapseWorkspaceCMKEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.SynapseWorkspaceCMKEffect.parameters + } + { + definitionReferenceId: 'WorkspaceCMK' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8' + definitionParameters: varPolicySetDefinitionEsEnforceEncryptionCmkParameters.WorkspaceCMK.parameters + } + ] + } + { + name: 'Enforce-EncryptTransit' + libSetDefinition: json(loadTextContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.json')) + libSetChildDefinitions: [ + { + definitionReferenceId: 'AKSIngressHttpsOnlyEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.AKSIngressHttpsOnlyEffect.parameters + } + { + definitionReferenceId: 'APIAppServiceHttpsEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.APIAppServiceHttpsEffect.parameters + } + { + definitionReferenceId: 'APIAppServiceLatestTlsEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.APIAppServiceLatestTlsEffect.parameters + } + { + definitionReferenceId: 'AppServiceHttpEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly' + definitionParameters: 
varPolicySetDefinitionEsEnforceEncrypttransitParameters.AppServiceHttpEffect.parameters + } + { + definitionReferenceId: 'AppServiceminTlsVersion' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.AppServiceminTlsVersion.parameters + } + { + definitionReferenceId: 'FunctionLatestTlsEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.FunctionLatestTlsEffect.parameters + } + { + definitionReferenceId: 'FunctionServiceHttpsEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.FunctionServiceHttpsEffect.parameters + } + { + definitionReferenceId: 'MySQLEnableSSLDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.MySQLEnableSSLDeployEffect.parameters + } + { + definitionReferenceId: 'MySQLEnableSSLEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.MySQLEnableSSLEffect.parameters + } + { + definitionReferenceId: 'PostgreSQLEnableSSLDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.PostgreSQLEnableSSLDeployEffect.parameters + } + { + definitionReferenceId: 'PostgreSQLEnableSSLEffect' 
+ definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.PostgreSQLEnableSSLEffect.parameters + } + { + definitionReferenceId: 'RedisDenyhttps' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.RedisDenyhttps.parameters + } + { + definitionReferenceId: 'RedisdisableNonSslPort' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.RedisdisableNonSslPort.parameters + } + { + definitionReferenceId: 'RedisTLSDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.RedisTLSDeployEffect.parameters + } + { + definitionReferenceId: 'SQLManagedInstanceTLSDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLManagedInstanceTLSDeployEffect.parameters + } + { + definitionReferenceId: 'SQLManagedInstanceTLSEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLManagedInstanceTLSEffect.parameters + } + { + definitionReferenceId: 'SQLServerTLSDeployEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS' + definitionParameters: 
varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLServerTLSDeployEffect.parameters + } + { + definitionReferenceId: 'SQLServerTLSEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.SQLServerTLSEffect.parameters + } + { + definitionReferenceId: 'StorageDeployHttpsEnabledEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.StorageDeployHttpsEnabledEffect.parameters + } + { + definitionReferenceId: 'StorageHttpsEnabledEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.StorageHttpsEnabledEffect.parameters + } + { + definitionReferenceId: 'WebAppServiceHttpsEffect' + definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.WebAppServiceHttpsEffect.parameters + } + { + definitionReferenceId: 'WebAppServiceLatestTlsEffect' + definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b' + definitionParameters: varPolicySetDefinitionEsEnforceEncrypttransitParameters.WebAppServiceLatestTlsEffect.parameters + } + ] + } +] + + +// Policy Set/Initiative Definition Parameter Variables + +var varPolicySetDefinitionEsDenyPublicpaasendpointsParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deny_publicpaasendpoints.parameters.json') + +var varPolicySetDefinitionEsDeployDiagnosticsLoganalyticsParameters = 
loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_diagnostics_loganalytics.parameters.json') + +var varPolicySetDefinitionEsDeployMdfcConfigParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_mdfc_config.parameters.json') + +var varPolicySetDefinitionEsDeployPrivateDnsZonesParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_private_dns_zones.parameters.json') + +var varPolicySetDefinitionEsDeploySqlSecurityParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_deploy_sql_security.parameters.json') + +var varPolicySetDefinitionEsEnforceEncryptionCmkParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encryption_cmk.parameters.json') + +var varPolicySetDefinitionEsEnforceEncrypttransitParameters = loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_enforce_encrypttransit.parameters.json') + diff --git a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep index a1b877335..d9601f9c5 100644 --- a/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep +++ b/infra-as-code/bicep/modules/policy/definitions/mc-customPolicyDefinitions.bicep 
@@ -417,42 +417,42 @@ var varCustomPolicySetDefinitionsArray = [
 {
 definitionReferenceId: 'ACRDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0fdf0491-d080-4575-b627-ad0e843cba0f'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).ACRDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.ACRDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'AFSDenyPaasPublicIP'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).AFSDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.AFSDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'AKSDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/040732e8-d947-40b8-95d6-854c95024bf8'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).AKSDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.AKSDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'BatchDenyPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/74c5a0ae-5e48-4738-b093-65e23a060488'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).BatchDenyPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.BatchDenyPublicIP.parameters
 }
 {
 definitionReferenceId: 'CosmosDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/797b37f7-06b8-444c-b1ad-fc62867f335a'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).CosmosDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.CosmosDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'KeyVaultDenyPaasPublicIP'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-KeyVaultPaasPublicIP'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).KeyVaultDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.KeyVaultDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'SqlServerDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1b8ca024-1d5c-4dec-8995-b1a932b41780'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).SqlServerDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.SqlServerDenyPaasPublicIP.parameters
 }
 {
 definitionReferenceId: 'StorageDenyPaasPublicIP'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')).StorageDenyPaasPublicIP.parameters
+ definitionParameters: varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters.StorageDenyPaasPublicIP.parameters
 }
 ]
 }
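Review bot: The declarations of `varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters` (used in this hunk) and `varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters` (used in the following hunk) are not visible here, so these lines alone do not confirm that they load the same `lib/china/policy_set_definitions/...` files the removed `json(loadTextContent(...))` calls read. The sibling module's variables load from `lib/policy_set_definitions/...`, and a variable pointing at that path would presumably feed the global parameter values into the China initiative's Deny effects without any error at the call sites. A comment above the array would make the source explicit for the next reviewer: `// definitionParameters values are read from lib/china/policy_set_definitions/*.parameters.json via the varPolicySetDefinitionEsMc*Parameters variables`. The array `varCustomPolicySetDefinitionsArray` starts and ends outside this hunk.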
@@ -463,317 +463,317 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'ACIDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACI' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ACIDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ACIDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'ACRDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ACR' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ACRDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ACRDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AKSDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6c66c325-74c8-42fd-a286-a74b0e2939d8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AKSDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AKSDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AnalysisServiceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AnalysisService' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AnalysisServiceDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'APIforFHIRDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApiForFHIR' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.APIforFHIRDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'APIMgmtDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-APIMgmt' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.APIMgmtDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ApplicationGateway' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ApplicationGatewayDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AppServiceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WebServerFarm' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AppServiceDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AppServiceWebappDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Website' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AppServiceWebappDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AutomationDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AA' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AutomationDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AutomationDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDHostPools' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.AVDHostPoolsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'BastionDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Bastion' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).BastionDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.BastionDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'BatchDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c84e5349-db6d-4769-805e-e14037dab9b5' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).BatchDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.BatchDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'CDNEndpointsDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CDNEndpoints' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.CDNEndpointsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'CognitiveServicesDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CognitiveServices' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.CognitiveServicesDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'CosmosDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-CosmosDB' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).CosmosDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.CosmosDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DatabricksDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Databricks' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DatabricksDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataExplorerCluster' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataExplorerClusterDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DataFactoryDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DataFactory' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataFactoryDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-DLAnalytics' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataLakeAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 
'DataLakeStoreDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d56a5a7c-72d7-42bc-8ceb-3baf4c0eae03' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.DataLakeStoreDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventGridSubDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSub' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventGridSubDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventGridTopicDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridTopic' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventGridTopicDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventHubDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f6e93e8-6b31-41b1-83f6-36e449a42579' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventHubDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventHubDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'EventSystemTopicDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-EventGridSystemTopic' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.EventSystemTopicDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'ExpressRouteDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-ExpressRoute' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ExpressRouteDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'FirewallDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Firewall' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).FirewallDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.FirewallDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'FrontDoorDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-FrontDoor' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.FrontDoorDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'FunctionAppDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Function' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.FunctionAppDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'HDInsightDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-HDInsight' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.HDInsightDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'IotHubDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-iotHub' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).IotHubDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.IotHubDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'KeyVaultDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bef3f64c-5290-43b7-85b0-9b254eef4c47' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.KeyVaultDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'LoadBalancerDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LoadBalancer' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.LoadBalancerDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'LogicAppsISEDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-LogicAppsISE' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.LogicAppsISEDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'LogicAppsWFDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b889a06c-ec72-4b03-910a-cb169ee18721' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.LogicAppsWFDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'MariaDBDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MariaDB' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MariaDBDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'MediaServiceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MediaService' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MediaServiceDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'MlWorkspaceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MlWorkspace' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MlWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'MySQLDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-MySQL' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).MySQLDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.MySQLDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'NetworkNICDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NIC' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.NetworkNICDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/752154a7-1e0f-45c6-a880-ac75a7e4f648' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.NetworkPublicIPNicDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-NetworkSecurityGroups' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.NetworkSecurityGroupsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'PostgreSQLDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PostgreSQL' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.PostgreSQLDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-PowerBIEmbedded' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.PowerBIEmbeddedDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'RecoveryVaultDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c717fb0c-d118-4c43-ab3d-ece30ac81fb3' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.RecoveryVaultDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'RedisCacheDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-RedisCache' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.RedisCacheDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'RelayDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-Relay' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).RelayDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.RelayDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'SearchServicesDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/08ba64b8-738f-4918-9686-730d2ed79c7d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SearchServicesDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'ServiceBusDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/04d53d87-841c-4f23-8a5b-21564380b55e' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.ServiceBusDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'SignalRDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SignalR' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SignalRDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SignalRDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'SQLDatabaseDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b79fa14e-238a-4c2d-b376-442ce508fc84' - 
definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SQLDatabaseDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLElasticPools' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SQLElasticPoolsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'SQLMDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-SQLMI' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).SQLMDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.SQLMDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'StorageAccountDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6f8f98a4-f108-47cb-8e98-91a0d85cd474' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: 
varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.StorageAccountDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/237e0f7e-b0e8-4ec4-ad46-8c12cb66d673' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.StreamAnalyticsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TimeSeriesInsights' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.TimeSeriesInsightsDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'TrafficManagerDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-TrafficManager' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.TrafficManagerDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'VirtualMachinesDeployDiagnosticLogDeployLogAnalytics' definitionId: 
'${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VM' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VirtualMachinesDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'VirtualNetworkDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VirtualNetwork' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VirtualNetworkDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'VMSSDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VMSS' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VMSSDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VMSSDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'VNetGWDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VNetGW' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.VNetGWDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'WVDAppGroupDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDAppGroup' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.WVDAppGroupDeployDiagnosticLogDeployLogAnalytics.parameters } { definitionReferenceId: 'WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-WVDWorkspace' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')).WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters.WVDWorkspaceDeployDiagnosticLogDeployLogAnalytics.parameters } ] } 
@@ -784,27 +784,27 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'ascExport' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ffb6f416-7bd2-4488-8828-56585fef2be9' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).ascExport.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.ascExport.parameters } { definitionReferenceId: 'defenderForContainers' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c9ddb292-b203-4738-aead-18e2716e858f' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).defenderForContainers.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.defenderForContainers.parameters } { definitionReferenceId: 'defenderForSqlPaas' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b99b73e7-074b-4089-9395-b7236f094491' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).defenderForSqlPaas.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.defenderForSqlPaas.parameters } { definitionReferenceId: 'defenderForVM' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8e86a5b6-b9bd-49d1-8e21-4bb8a0862222' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).defenderForVM.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.defenderForVM.parameters } { definitionReferenceId: 'securityEmailContact' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-ASC-SecurityContacts' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')).securityEmailContact.parameters + definitionParameters: varPolicySetDefinitionEsMcDeployMdfcConfigParameters.securityEmailContact.parameters } ] } 
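Review bot: Nothing visible in this hunk ties `varPolicySetDefinitionEsMcDeployMdfcConfigParameters` to `policy_set_definition_es_mc_deploy_mdfc_config.parameters.json`, the file the removed lines read, because the variable is declared outside the hunk. All five `definitionParameters` lines here now depend on it, and the same applies to the `...DeployPrivateDnsZonesParameters`, `...DeploySqlSecurityParameters` and `...EnforceEncryptionCmkParameters` variables in the three hunks that follow. These sets carry the Defender, private DNS, SQL auditing/TDE and CMK parameters, so a variable bound to the wrong file is worth ruling out explicitly. I would add a comment at each declaration naming its source file, for example `// loaded from lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json`. If these entries are pasted from the output of Invoke-PolicyToBicep-China.ps1, as the script header suggests, the comment should also say the block is generated and must not be edited by hand. Each lookup key also repeats the `definitionReferenceId` literal, so a CI check that every `definitionReferenceId` exists as a key in its parameters file would catch drift between the two.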
@@ -815,102 +815,102 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'Deploy-Private-DNS-Azure-File-Sync' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['Deploy-Private-DNS-Azure-File-Sync'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['Deploy-Private-DNS-Azure-File-Sync'].parameters } { definitionReferenceId: 'Deploy-Private-DNS-Azure-KeyVault' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['Deploy-Private-DNS-Azure-KeyVault'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['Deploy-Private-DNS-Azure-KeyVault'].parameters } { definitionReferenceId: 'Deploy-Private-DNS-Azure-Web' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['Deploy-Private-DNS-Azure-Web'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['Deploy-Private-DNS-Azure-Web'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-ACR' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e9585a95-5b8c-4d03-b193-dc7eb5ac4c32' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-ACR'].parameters 
+ definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ACR'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-App' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-App'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-App'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-AppServices' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b318f84a-b872-429b-ac6d-a01b96814452' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-AppServices'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-AppServices'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-Batch' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-Batch'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Batch'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveSearch' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/fbc14a67-53e4-4932-abcc-2049c6706009' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-CognitiveSearch'].parameters + definitionParameters: 
varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveSearch'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-CognitiveServices' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c4bc6f10-cb41-49eb-b000-d5ab82e2a091' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-CognitiveServices'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-CognitiveServices'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-DiskAccess' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/bc05b96c-0b36-4ca9-82f0-5c53f96ce05a' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-DiskAccess'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-DiskAccess'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridDomains' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/d389df0a-e0d7-4607-833c-75a6fdac2c2d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-EventGridDomains'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridDomains'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-EventGridTopics' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/baf19753-7502-405f-8745-370519b20483' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-EventGridTopics'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventGridTopics'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-EventHubNamespace' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ed66d4f5-8220-45dc-ab4a-20d1749c74e6' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-EventHubNamespace'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-EventHubNamespace'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-IoT' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-IoT'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoT'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-IoTHubs' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/c99ce9c1-ced7-4c3e-aca0-10e69ce0cb02' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-IoTHubs'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-IoTHubs'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-MachineLearningWorkspace' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/ee40564d-486e-4f68-a5ca-7a621edae0fb' - 
definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-MachineLearningWorkspace'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-MachineLearningWorkspace'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-RedisCache' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/e016b22b-e0eb-436d-8fd7-160c4eaed6e2' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-RedisCache'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-RedisCache'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-ServiceBusNamespace' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0fcf93c-c063-4071-9668-c47474bd3564' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-ServiceBusNamespace'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-ServiceBusNamespace'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-SignalR' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/b0e86710-7fb7-4a6c-a064-32e9b829509e' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-SignalR'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-SignalR'].parameters } { definitionReferenceId: 'DINE-Private-DNS-Azure-Site-Recovery' definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json'))['DINE-Private-DNS-Azure-Site-Recovery'].parameters + definitionParameters: varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters['DINE-Private-DNS-Azure-Site-Recovery'].parameters } ] } 
@@ -921,22 +921,22 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'SqlDbAuditingSettingsDeploySqlSecurity' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-AuditingSettings' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbAuditingSettingsDeploySqlSecurity.parameters + definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbAuditingSettingsDeploySqlSecurity.parameters } { definitionReferenceId: 'SqlDbSecurityAlertPoliciesDeploySqlSecurity' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-SecurityAlertPolicies' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters + definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbSecurityAlertPoliciesDeploySqlSecurity.parameters } { definitionReferenceId: 'SqlDbTdeDeploySqlSecurity' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-Tde' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbTdeDeploySqlSecurity.parameters + definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbTdeDeploySqlSecurity.parameters } { definitionReferenceId: 'SqlDbVulnerabilityAssessmentsDeploySqlSecurity' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Sql-vulnerabilityAssessments' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')).SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters + definitionParameters: varPolicySetDefinitionEsMcDeploySqlSecurityParameters.SqlDbVulnerabilityAssessmentsDeploySqlSecurity.parameters } ] } 
@@ -947,72 +947,72 @@ var varCustomPolicySetDefinitionsArray = [ { definitionReferenceId: 'ACRCmkDeny' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).ACRCmkDeny.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.ACRCmkDeny.parameters } { definitionReferenceId: 'AksCmkDeny' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/7d7be79c-23ba-4033-84dd-45e2a5ccdd67' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).AksCmkDeny.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.AksCmkDeny.parameters } { definitionReferenceId: 'AzureBatchCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/99e9ccd8-3db9-4592-b0d1-14b1715a4d8a' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).AzureBatchCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.AzureBatchCMKEffect.parameters } { definitionReferenceId: 'CognitiveServicesCMK' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/67121cc7-ff39-4ab8-b7e3-95b84dab487d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).CognitiveServicesCMK.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.CognitiveServicesCMK.parameters } { definitionReferenceId: 'CosmosCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1f905d99-2ab7-462c-a6b0-f709acca6c8f' - definitionParameters: 
json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).CosmosCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.CosmosCMKEffect.parameters } { definitionReferenceId: 'DataBoxCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/86efb160-8de7-451d-bc08-5d475b0aadae' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).DataBoxCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.DataBoxCMKEffect.parameters } { definitionReferenceId: 'EncryptedVMDisksEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0961003e-5a0a-4549-abde-af6a37f2724d' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).EncryptedVMDisksEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.EncryptedVMDisksEffect.parameters } { definitionReferenceId: 'MySQLCMKEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQLCMKEffect' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).MySQLCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.MySQLCMKEffect.parameters } { definitionReferenceId: 'PostgreSQLCMKEffect' definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQLCMKEffect' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).PostgreSQLCMKEffect.parameters + definitionParameters: 
varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.PostgreSQLCMKEffect.parameters } { definitionReferenceId: 'SqlServerTDECMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/0d134df8-db83-46fb-ad72-fe0c9428c8dd' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).SqlServerTDECMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.SqlServerTDECMKEffect.parameters } { definitionReferenceId: 'StorageCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/6fac406b-40ca-413b-bf8e-0bf964659c25' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).StorageCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.StorageCMKEffect.parameters } { definitionReferenceId: 'StreamAnalyticsCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/87ba29ef-1ab3-4d82-b763-87fcd4f531f7' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).StreamAnalyticsCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.StreamAnalyticsCMKEffect.parameters } { definitionReferenceId: 'SynapseWorkspaceCMKEffect' definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f7d52b2d-e161-4dfa-a82b-55e564167385' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).SynapseWorkspaceCMKEffect.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.SynapseWorkspaceCMKEffect.parameters } { definitionReferenceId: 'WorkspaceCMK' definitionId: 
'/providers/Microsoft.Authorization/policyDefinitions/ba769a63-b8cc-4b2d-abf6-ac33c7204be8' - definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')).WorkspaceCMK.parameters + definitionParameters: varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters.WorkspaceCMK.parameters } ] } 
@@ -1023,117 +1023,133 @@ var varCustomPolicySetDefinitionsArray = [
 {
 definitionReferenceId: 'AKSIngressHttpsOnlyEffect'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).AKSIngressHttpsOnlyEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.AKSIngressHttpsOnlyEffect.parameters
 }
 {
 definitionReferenceId: 'APIAppServiceHttpsEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).APIAppServiceHttpsEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.APIAppServiceHttpsEffect.parameters
 }
 {
 definitionReferenceId: 'APIAppServiceLatestTlsEffect'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).APIAppServiceLatestTlsEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.APIAppServiceLatestTlsEffect.parameters
 }
 {
 definitionReferenceId: 'AppServiceHttpEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).AppServiceHttpEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.AppServiceHttpEffect.parameters
 }
 {
 definitionReferenceId: 'AppServiceminTlsVersion'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).AppServiceminTlsVersion.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.AppServiceminTlsVersion.parameters
 }
 {
 definitionReferenceId: 'FunctionLatestTlsEffect'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).FunctionLatestTlsEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.FunctionLatestTlsEffect.parameters
 }
 {
 definitionReferenceId: 'FunctionServiceHttpsEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).FunctionServiceHttpsEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.FunctionServiceHttpsEffect.parameters
 }
 {
 definitionReferenceId: 'MySQLEnableSSLDeployEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).MySQLEnableSSLDeployEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.MySQLEnableSSLDeployEffect.parameters
 }
 {
 definitionReferenceId: 'MySQLEnableSSLEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).MySQLEnableSSLEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.MySQLEnableSSLEffect.parameters
 }
 {
 definitionReferenceId: 'PostgreSQLEnableSSLDeployEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLDeployEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.PostgreSQLEnableSSLDeployEffect.parameters
 }
 {
 definitionReferenceId: 'PostgreSQLEnableSSLEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).PostgreSQLEnableSSLEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.PostgreSQLEnableSSLEffect.parameters
 }
 {
 definitionReferenceId: 'RedisDenyhttps'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).RedisDenyhttps.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.RedisDenyhttps.parameters
 }
 {
 definitionReferenceId: 'RedisdisableNonSslPort'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).RedisdisableNonSslPort.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.RedisdisableNonSslPort.parameters
 }
 {
 definitionReferenceId: 'RedisTLSDeployEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).RedisTLSDeployEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.RedisTLSDeployEffect.parameters
 }
 {
 definitionReferenceId: 'SQLManagedInstanceTLSDeployEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSDeployEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLManagedInstanceTLSDeployEffect.parameters
 }
 {
 definitionReferenceId: 'SQLManagedInstanceTLSEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLManagedInstanceTLSEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLManagedInstanceTLSEffect.parameters
 }
 {
 definitionReferenceId: 'SQLServerTLSDeployEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLServerTLSDeployEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLServerTLSDeployEffect.parameters
 }
 {
 definitionReferenceId: 'SQLServerTLSEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).SQLServerTLSEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.SQLServerTLSEffect.parameters
 }
 {
 definitionReferenceId: 'StorageDeployHttpsEnabledEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).StorageDeployHttpsEnabledEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.StorageDeployHttpsEnabledEffect.parameters
 }
 {
 definitionReferenceId: 'StorageHttpsEnabledEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-minTLS'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).StorageHttpsEnabledEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.StorageHttpsEnabledEffect.parameters
 }
 {
 definitionReferenceId: 'WebAppServiceHttpsEffect'
 definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).WebAppServiceHttpsEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.WebAppServiceHttpsEffect.parameters
 }
 {
 definitionReferenceId: 'WebAppServiceLatestTlsEffect'
 definitionId: '/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b'
- definitionParameters: json(loadTextContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')).WebAppServiceLatestTlsEffect.parameters
+ definitionParameters: varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.WebAppServiceLatestTlsEffect.parameters
 }
 ]
 }
 ]
+// Policy Set/Initiative Definition Parameter Variables
+
+var varPolicySetDefinitionEsMcDenyPublicpaasendpointsParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deny_publicpaasendpoints.parameters.json')
+
+var varPolicySetDefinitionEsMcDeployDiagnosticsLoganalyticsParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_diagnostics_loganalytics.parameters.json')
+
+var varPolicySetDefinitionEsMcDeployMdfcConfigParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_mdfc_config.parameters.json')
+
+var varPolicySetDefinitionEsMcDeployPrivateDnsZonesParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_private_dns_zones.parameters.json')
+
+var varPolicySetDefinitionEsMcDeploySqlSecurityParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_deploy_sql_security.parameters.json')
+
+var varPolicySetDefinitionEsMcEnforceEncryptionCmkParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encryption_cmk.parameters.json')
+
+var varPolicySetDefinitionEsMcEnforceEncrypttransitParameters = loadJsonContent('lib/china/policy_set_definitions/policy_set_definition_es_mc_enforce_encrypttransit.parameters.json')
+
 // Customer Usage Attribution Id
 var varCuaid = '2b136786-9881-412e-84ba-f4c2822e1ac9'
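Review bot: The heading comment `// Policy Set/Initiative Definition Parameter Variables` added at the end of this hunk does not record the one contract these variables depend on: every `definitionReferenceId` in `varCustomPolicySetDefinitionsArray` is also used as a property name on the loaded object (for example `varPolicySetDefinitionEsMcEnforceEncrypttransitParameters.RedisdisableNonSslPort.parameters`), so the keys of each `*.parameters.json` file must match those identifiers exactly, including their irregular casing. I would extend the comment to `// Policy Set/Initiative Definition Parameter Variables - top-level keys of each *.parameters.json must match the definitionReferenceId values used in varCustomPolicySetDefinitionsArray`. A mismatch here would leave a TLS or HTTPS-only policy in the initiative without its intended effect parameter, so it is worth confirming that the pipeline's Bicep build fails, rather than only warns, on an unknown property of a `loadJsonContent` result. If this block is emitted by the PolicyToBicep script rather than written by hand, which the visible lines do not show, the comment belongs in the script's output so that it survives regeneration.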