Update Policy Library (automated) (#584)

Co-authored-by: github-actions <[email protected]>
Co-authored-by: Jack Tracey <[email protected]>

infra-as-code/bicep/modules/policy/definitions/customPolicyDefinitions.bicep

@@ -33,6 +33,10 @@ var varCustomPolicyDefinitionsArray = [
     name: 'Append-Redis-sslEnforcement'
     libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_Append-Redis-sslEnforcement.json')
   }
+  {
+    name: 'Audit-AzureHybridBenefit'
+    libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_Audit-AzureHybridBenefit.json')
+  }
   {
     name: 'Audit-Disks-UnusedResourcesCostOptimization'
     libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_Audit-Disks-UnusedResourcesCostOptimization.json')
@@ -513,6 +517,12 @@ var varCustomPolicySetDefinitionsArray = [
     name: 'Audit-UnusedResourcesCostOptimization'
     libSetDefinition: loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_Audit-UnusedResourcesCostOptimization.json')
     libSetChildDefinitions: [
+      {
+        definitionReferenceId: 'AuditAzureHybridBenefitUnusedResourcesCostOptimization'
+        definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit'
+        definitionParameters: varPolicySetDefinitionEsAuditUnusedResourcesCostOptimizationParameters.AuditAzureHybridBenefitUnusedResourcesCostOptimization.parameters
+        definitionGroups: []
+      }
       {
         definitionReferenceId: 'AuditDisksUnusedResourcesCostOptimization'
         definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization'

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/_policyDefinitionsBicepInput.txt

@@ -18,6 +18,10 @@
 	name: 'Append-Redis-sslEnforcement'
 	libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_Append-Redis-sslEnforcement.json')
 }
+{
+	name: 'Audit-AzureHybridBenefit'
+	libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_Audit-AzureHybridBenefit.json')
+}
 {
 	name: 'Audit-Disks-UnusedResourcesCostOptimization'
 	libDefinition: loadJsonContent('lib/policy_definitions/policy_definition_es_Audit-Disks-UnusedResourcesCostOptimization.json')

infra-as-code/bicep/modules/policy/definitions/lib/policy_definitions/policy_definition_es_Audit-AzureHybridBenefit.json

@@ -0,0 +1,88 @@
+{
+  "name": "Audit-AzureHybridBenefit",
+  "type": "Microsoft.Authorization/policyDefinitions",
+  "apiVersion": "2021-06-01",
+  "scope": null,
+  "properties": {
+    "policyType": "Custom",
+    "mode": "All",
+    "displayName": "Audit AHUB for eligible VMs",
+    "description": "Optimize cost by enabling Azure Hybrid Benefit. Leverage this Policy definition as a cost control to reveal Virtual Machines not using AHUB.",
+    "metadata": {
+      "version": "1.0.0",
+      "category": "Cost Optimization",
+      "source": "https://github.com/Azure/Enterprise-Scale/",
+      "alzCloudEnvironments": [
+        "AzureCloud",
+        "AzureChinaCloud",
+        "AzureUSGovernment"
+      ]
+    },
+    "parameters": {
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "Audit",
+          "Disabled"
+        ],
+        "defaultValue": "Audit"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "in": [
+              "Microsoft.Compute/virtualMachines",
+              "Microsoft.Compute/virtualMachineScaleSets"
+            ]
+          },
+          {
+            "equals": "MicrosoftWindowsServer",
+            "field": "Microsoft.Compute/imagePublisher"
+          },
+          {
+            "equals": "WindowsServer",
+            "field": "Microsoft.Compute/imageOffer"
+          },
+          {
+            "anyOf": [
+              {
+                "field": "Microsoft.Compute/imageSKU",
+                "like": "2008-R2-SP1*"
+              },
+              {
+                "field": "Microsoft.Compute/imageSKU",
+                "like": "2012-*"
+              },
+              {
+                "field": "Microsoft.Compute/imageSKU",
+                "like": "2016-*"
+              },
+              {
+                "field": "Microsoft.Compute/imageSKU",
+                "like": "2019-*"
+              },
+              {
+                "field": "Microsoft.Compute/imageSKU",
+                "like": "2022-*"
+              }
+            ]
+          },
+          {
+            "field": "Microsoft.Compute/licenseType",
+            "notEquals": "Windows_Server"
+          }
+        ]
+      },
+      "then": {
+        "effect": "[parameters('effect')]"
+      }
+    }
+  }
+}

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/_policySetDefinitionsBicepInput.txt

@@ -3,6 +3,12 @@ var varCustomPolicySetDefinitionsArray = [
 		name: 'Audit-UnusedResourcesCostOptimization'
 		libSetDefinition: loadJsonContent('lib/policy_set_definitions/policy_set_definition_es_Audit-UnusedResourcesCostOptimization.json')
 		libSetChildDefinitions: [
+			{
+				definitionReferenceId: 'AuditAzureHybridBenefitUnusedResourcesCostOptimization'
+				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit'
+				definitionParameters: varPolicySetDefinitionEsAuditUnusedResourcesCostOptimizationParameters.AuditAzureHybridBenefitUnusedResourcesCostOptimization.parameters
+				definitionGroups: []
+			}
 			{
 				definitionReferenceId: 'AuditDisksUnusedResourcesCostOptimization'
 				definitionId: '${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Audit-Disks-UnusedResourcesCostOptimization'

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Audit-UnusedResourcesCostOptimization.json

@@ -8,7 +8,7 @@
     "displayName": "Unused resources driving cost should be avoided",
     "description": "Optimize cost by detecting unused but chargeable resources. Leverage this Azure Policy Initiative as a cost control tool to reveal orphaned resources that are contributing cost.",
     "metadata": {
-      "version": "1.0.0",
+      "version": "2.0.0",
       "category": "Cost Optimization",
       "source": "https://github.com/Azure/Enterprise-Scale/",
       "alzCloudEnvironments": [
@@ -85,6 +85,16 @@
           }
         },
         "groupNames": []
+      },
+      {
+        "policyDefinitionReferenceId": "AuditAzureHybridBenefitUnusedResourcesCostOptimization",
+        "policyDefinitionId": "${varTargetManagementGroupResourceId}/providers/Microsoft.Authorization/policyDefinitions/Audit-AzureHybridBenefit",
+        "parameters": {
+          "effect": {
+            "value": "Audit"
+          }
+        },
+        "groupNames": []
       }
     ],
     "policyDefinitionGroups": null

infra-as-code/bicep/modules/policy/definitions/lib/policy_set_definitions/policy_set_definition_es_Audit-UnusedResourcesCostOptimization.parameters.json

@@ -1,4 +1,11 @@
 {
+  "AuditAzureHybridBenefitUnusedResourcesCostOptimization": {
+    "parameters": {
+      "effect": {
+        "value": "Audit"
+      }
+    }
+  },
   "AuditDisksUnusedResourcesCostOptimization": {
     "parameters": {
       "effect": {