Revert "Denyactionpr (#1406)"

This reverts commit bc80050.
Azure · Sep 18, 2023 · db09d28 · db09d28
1 parent bc80050
commit db09d28
Show file tree

Hide file tree

Showing 7 changed files with 78 additions and 203 deletions.
diff --git a/docs/wiki/Whats-new.md b/docs/wiki/Whats-new.md
@@ -48,9 +48,6 @@ Here's what's changed in Enterprise Scale/Azure Landing Zones:
 - Updated to the new [Configure Microsoft Defender for Storage to be enabled](https://www.azadvertizer.com/azpolicyadvertizer/cfdc5972-75b3-4418-8ae1-7f5c36839390.html) built-in policy to the `Deploy-MDFC-Config` initiative and assignment.
   - Read more about the new Microsoft Defender for Storage here: [aka.ms//DefenderForStorage](https://aka.ms//DefenderForStorage).
   - NOTE: there are additional cost considerations associated with this feature - [more info](https://learn.microsoft.com/azure/defender-for-cloud/defender-for-storage-introduction#malware-scanning-powered-by-microsoft-defender-antivirus).
-- Added two new definitions with Deny Action feature:
-  - `DenyAction-ActivityLogSettings.json`
-  - `DenyAction-DiagnosticSettings.json`
 
 ### July 2023
 

diff --git a/eslzArm/managementGroupTemplates/policyDefinitions/policies.json b/eslzArm/managementGroupTemplates/policyDefinitions/policies.json
diff --git a/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json b/eslzArm/managementGroupTemplates/roleDefinitions/customRoleDefinitions.json
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.21.1.54444",
-      "templateHash": "7093918517635612324"
+      "version": "0.20.4.51522",
+      "templateHash": "11768655431175792812"
     }
   },
   "variables": {

diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogSettings.json b/src/resources/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogSettings.json
diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticSettings.json b/src/resources/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticSettings.json
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json b/src/resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json
diff --git a/src/templates/policies.bicep b/src/templates/policies.bicep
@@ -177,8 +177,6 @@ var loadPolicyDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW.json')
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkPrivateDnsZones.json')
-    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/DenyAction-DiagnosticSettings.json')
-    loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/DenyAction-ActivityLogSettings.json')
   ]
   AzureCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Audit-MachineLearning-PrivateEndpointId.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
@@ -226,7 +224,6 @@ var loadPolicySetDefinitions = {
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json')
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox.json')
-    loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json')
   ]
   AzureCloud: [
     loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning