diff --git a/.github/workflows/validate-bicep.yml b/.github/workflows/validate-bicep.yml
new file mode 100644
index 000000000..451b9d651
--- /dev/null
+++ b/.github/workflows/validate-bicep.yml
@@ -0,0 +1,18 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: validate-bicep
+on:
+ pull_request:
+ paths:
+ - '**.bicep'
+ workflow_dispatch:
+ paths:
+ - '**.bicep'
+jobs:
+ validate-bicep:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - run: |
+ az bicep build --file src/bicep/mlz.bicep
diff --git a/.github/workflows/validate-build-bicep.yml b/.github/workflows/validate-build-bicep.yml
new file mode 100644
index 000000000..d9004c80e
--- /dev/null
+++ b/.github/workflows/validate-build-bicep.yml
@@ -0,0 +1,22 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+
+name: validate-build-bicep
+on:
+ push:
+ paths:
+ - '**.bicep'
+ branches:
+ - bicep
+jobs:
+ validate-build:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - run: |
+ git config user.name github-actions
+ git config user.email github-actions@github.com
+ az bicep build --file src/bicep/mlz.bicep --outfile src/bicep/mlz.json
+ git add src/bicep/mlz.json
+ git commit -m "GitHub Action: Build Bicep to JSON"
+ git push
diff --git a/src/bicep/README.md b/src/bicep/README.md
index 57d6a4bb6..4324951ff 100644
--- a/src/bicep/README.md
+++ b/src/bicep/README.md
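Review bot: `actions/checkout@v2` is referenced by a mutable tag, so whoever can move that tag changes what runs in this job; pin it to a reviewed commit, `- uses: actions/checkout@<full-commit-sha>  # v2` (placeholder, take the SHA from the release you audited). The same line appears in validate-build-bicep.yml, where the job also pushes to the repository. The `paths:` filter under `workflow_dispatch:` is, as far as I know, not a key that trigger accepts, so the manual trigger should read `workflow_dispatch:` alone. This job only reads the repository, so `permissions:` with `contents: read` at the top of the workflow would make that explicit.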
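Review bot: The `validate-build` job declares no `permissions:` block even though it pushes a commit with the default token, so it inherits whatever the repository default grants; scope it on the job with `permissions:` and `contents: write` so nothing else is writable. The `git commit` line also exits non-zero when the rebuilt `src/bicep/mlz.json` is identical to the committed one, which fails the run for any `.bicep` change that does not alter the output; guard it with `git diff --cached --quiet || git commit -m "GitHub Action: Build Bicep to JSON"`. Because the generated template lands on `bicep` without review, it is worth confirming the branch protection for that branch, which is not visible from this hunk.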
@@ -99,3 +99,45 @@ az deployment sub create \
 operationsSubscriptionId=$operationsSubscriptionId \
 sharedServicesSubscriptionId=$sharedServicesSubscriptionId
 ```
+
+## Adding Azure Policy
+
+To include one of the built in Azure policy initiatives for NIST 800-53, CMMC Level 3 or DoD IL5 compliance add the parameter with one of the following, NIST, IL5 or CMMC. For example deploying with MLZ:
+
+```plaintext
+az deployment sub create \
+ --location eastus \
+ --template-file mlz.bicep \
+ --parameters policy=
+```
+
+Or, apply policy after deploying MLZ:
+
+```plaintext
+az deployment group create \
+ --resource-group \
+ --name \
+ --template-file ./src/bicep/modules/policyAssignment.bicep \
+ --parameters builtInAssignment= logAnalyticsWorkspaceName= \
+ --parameters logAnalyticsWorkspaceName= \
+ --parameters logAnalyticsWorkspaceResourceGroupName=
+```
+
+Under the [modules/policies](modules/policies) directory are JSON files named for the initiatives with default parameters (except for a Log Analytics workspace ID value `` that we substitute at deployment time -- any other parameter can be modified as needed).
+
+The result will be a policy assignment created for each resource group deployed by MLZ that can be viewed in the 'Compliance' view of Azure Policy in the Azure Portal.
+
+## Adding Remote Access via Bastion Host
+
+To deploy a virtual machine as a jumpbox into the network without a Public IP Address using Azure Bastion Host, provide two parameters `deployRemoteAccess=true` and `linuxVmAdminPasswordOrKey=` to the deployment. A quick and easy way to generate a secure password from the .devcontainer is the command `openssl rand -base64 14`.
+
+```plaintext
+my_password=$(openssl rand -base64 14)
+
+az deployment sub create \
+ --name "myRemoteAccessDeployment" \
+ --location "eastus" \
+ --template-file "src/bicep/mlz.bicep" \
+ --parameters deployRemoteAccess="true" \
+ --parameters linuxVmAdminPasswordOrKey="$my_password"
+```
diff --git a/src/bicep/bicepconfig.json b/src/bicep/bicepconfig.json new file mode 100644 index 000000000..2f5755649 --- /dev/null +++ b/src/bicep/bicepconfig.json @@ -0,0 +1,28 @@ +{ + "analyzers": { + "core": { + "verbose": false, + "enabled": true, + "rules": { + "no-hardcoded-env-urls": { + "level": "error" + }, + "no-unused-params": { + "level": "error" + }, + "no-unused-vars": { + "level": "error" + }, + "prefer-interpolation": { + "level": "error" + }, + "secure-parameter-default": { + "level": "error" + }, + "simplify-interpolation": { + "level": "error" + } + } + } + } + } diff --git a/src/bicep/examples/remoteAccess/README.md b/src/bicep/examples/remoteAccess/README.md index 3e601ee2f..b0ad41f2c 100644 --- a/src/bicep/examples/remoteAccess/README.md +++ b/src/bicep/examples/remoteAccess/README.md @@ -8,7 +8,7 @@ Read on to understand what this example does, and when you're ready, collect all ### Deploys Azure Bastion Host -The docs on Azure Bastion: https://docs.microsoft.com/en-us/azure/bastion/bastion-overview +The docs on Azure Bastion: Some particulars about Bastion: @@ -20,7 +20,7 @@ Some particulars about Bastion: This example deploys two virtual machines into a new subnet in the existing Hub virtual network to serve as jumpboxes. -The docs on Virtual Machines: https://docs.microsoft.com/en-us/azure/templates/microsoft.compute/virtualmachines?tabs=json +The docs on Virtual Machines: ## Pre-requisites 
@@ -97,20 +97,25 @@ hubVirtualNetworkName="hub-vnet" hubSubnetResourceId="/subscriptions/.../providers/Microsoft.Network/virtualNetworks/hub-vnet/subnets/hub-subnet" hubNetworkSecurityGroupResourceId="/subscriptions/.../providers/Microsoft.Network/networkSecurityGroups/hub-nsg" +linuxPassword=$(openssl rand -base64 14) # generate a random 14 character password + az deployment group create \ --name "RemoteAccessExample" \ --resource-group $hubResourceGroupName \ - --template-file "./remoteAccess.bicep" \ + --template-file "./main.bicep" \ --parameters \ hubVirtualNetworkName="$hubVirtualNetworkName" \ hubSubnetResourceId="$hubSubnetResourceId" \ - hubNetworkSecurityGroupResourceId="$hubNetworkSecurityGroupResourceId" + hubNetworkSecurityGroupResourceId="$hubNetworkSecurityGroupResourceId" \ + linuxVmAdminPasswordOrKey="$linuxPassword" ``` Or, completely experimentally, try the Portal: -#### AzureCloud -[![Deploy To Azure](../../docs/imgs/deploytoazure.svg?sanitze=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fglennmusa%2Fmissionlz%2Fglennmusa%2Fbicep%2Fsrc%2Fbicep%2Fexamples%2FremoteAccess%2FremoteAccess.json) +### AzureCloud + +[![Deploy To Azure](../../docs/imgs/deploytoazure.svg?sanitze=true)](https://portal.azure.com/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fglennmusa%2Fmissionlz%2Fglennmusa%2Fbicep%2Fsrc%2Fbicep%2Fexamples%2FremoteAccess%2Fmain.json) + +### AzureUSGovernment -#### AzureUSGovernment -[![Deploy To Azure US Gov](../../docs/imgs/deploytoazuregov.svg?sanitize=true)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fglennmusa%2Fmissionlz%2Fglennmusa%2Fbicep%2Fexamples%2FremoteAccess%2FremoteAccess.json) +[![Deploy To Azure US 
Gov](../../docs/imgs/deploytoazuregov.svg?sanitize=true)](https://portal.azure.us/#create/Microsoft.Template/uri/https%3A%2F%2Fraw.githubusercontent.com%2Fglennmusa%2Fmissionlz%2Fglennmusa%2Fbicep%2Fexamples%2FremoteAccess%2Fmain.json) diff --git a/src/bicep/examples/remoteAccess/main.bicep b/src/bicep/examples/remoteAccess/main.bicep new file mode 100644 index 000000000..4cf1463f1 --- /dev/null +++ b/src/bicep/examples/remoteAccess/main.bicep 
@@ -0,0 +1,73 @@
+param location string = resourceGroup().location
+
+param hubVirtualNetworkName string
+param hubSubnetResourceId string
+param hubNetworkSecurityGroupResourceId string
+
+param bastionHostName string = 'bastionHost'
+param bastionHostSubnetAddressPrefix string = '10.0.100.160/27'
+param bastionHostPublicIPAddressName string = 'bastionHostPublicIPAddress'
+param bastionHostPublicIPAddressSkuName string = 'Standard'
+param bastionHostPublicIPAddressAllocationMethod string = 'Static'
+param bastionHostPublicIPAddressAvailabilityZones array = []
+param bastionHostIPConfigurationName string = 'bastionHostIPConfiguration'
+
+param linuxVmName string = 'linuxVirtualMachine'
+param linuxVmSize string = 'Standard_B2s'
+param linuxVmOsDiskCreateOption string = 'FromImage'
+param linuxVmOsDiskType string = 'Standard_LRS'
+param linuxVmImagePublisher string = 'Canonical'
+param linuxVmImageOffer string = 'UbuntuServer'
+param linuxVmImageSku string = '18.04-LTS'
+param linuxVmImageVersion string = 'latest'
+param linuxVmAdminUsername string = 'azureuser'
+
+@allowed([
+ 'sshPublicKey'
+ 'password'
+])
+param linuxVmAuthenticationType string = 'password'
+@secure()
+@minLength(14)
+param linuxVmAdminPasswordOrKey string
+
+param linuxVmNetworkInterfaceName string = 'linuxVmNetworkInterface'
+param linuxVmNetworkInterfaceIpConfigurationName string = 'linuxVmIpConfiguration'
+param linuxVmNetworkInterfacePrivateIPAddressAllocationMethod string = 'Dynamic'
+
+param nowUtc string = utcNow()
+
+module remoteAccess '../../modules/remoteAccess.bicep' = {
+ name: 'deploy-remoteAccess-Example-${nowUtc}'
+ params: {
+ location: location
+
+ hubVirtualNetworkName: hubVirtualNetworkName
+ hubSubnetResourceId: hubSubnetResourceId
+ hubNetworkSecurityGroupResourceId: hubNetworkSecurityGroupResourceId
+
+ bastionHostName: bastionHostName
+ bastionHostSubnetAddressPrefix: bastionHostSubnetAddressPrefix
+ bastionHostPublicIPAddressName: bastionHostPublicIPAddressName
+ bastionHostPublicIPAddressSkuName: bastionHostPublicIPAddressSkuName
+ bastionHostPublicIPAddressAllocationMethod: bastionHostPublicIPAddressAllocationMethod
+ bastionHostPublicIPAddressAvailabilityZones: bastionHostPublicIPAddressAvailabilityZones
+ bastionHostIPConfigurationName: bastionHostIPConfigurationName
+
+ linuxNetworkInterfaceIpConfigurationName: linuxVmNetworkInterfaceIpConfigurationName
+ linuxNetworkInterfacePrivateIPAddressAllocationMethod: linuxVmNetworkInterfacePrivateIPAddressAllocationMethod
+
+ linuxVmName: linuxVmName
+ linuxVmSize: linuxVmSize
+ linuxVmOsDiskCreateOption: linuxVmOsDiskCreateOption
+ linuxVmOsDiskType: linuxVmOsDiskType
+ linuxVmImagePublisher: linuxVmImagePublisher
+ linuxVmImageOffer: linuxVmImageOffer
+ linuxVmImageSku: linuxVmImageSku
+ linuxVmImageVersion: linuxVmImageVersion
+ linuxVmAdminUsername: linuxVmAdminUsername
+ linuxVmAuthenticationType: linuxVmAuthenticationType
+ linuxVmAdminPasswordOrKey: linuxVmAdminPasswordOrKey
+ linuxVmNetworkInterfaceName: linuxVmNetworkInterfaceName
+ }
+}
diff --git a/src/bicep/examples/remoteAccess/main.json b/src/bicep/examples/remoteAccess/main.json
new file mode 100644
index 000000000..7f93405d6
--- /dev/null
+++ b/src/bicep/examples/remoteAccess/main.json
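Review bot: `linuxVmAuthenticationType` defaults to `'password'`, so a caller who supplies only the required parameters gets a jumpbox with password login enabled; since the parameter already allows `'sshPublicKey'`, consider making that the default, `param linuxVmAuthenticationType string = 'sshPublicKey'`, and leaving password as the explicit opt-in. The `@minLength(14)` on `linuxVmAdminPasswordOrKey` checks length only, so an `@description` stating what the value must hold for each authentication type would help callers. `linuxVmImageVersion` defaulting to `'latest'` also means two deployments of this example can produce different images; a short comment saying that is intended for an example would be enough. How the module consumes these values is in `../../modules/remoteAccess.bicep`, outside this hunk.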
@@ -0,0 +1,745 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "12135705171876165812" + } + }, + "parameters": { + "location": { + "type": "string", + "defaultValue": "[resourceGroup().location]" + }, + "hubVirtualNetworkName": { + "type": "string" + }, + "hubSubnetResourceId": { + "type": "string" + }, + "hubNetworkSecurityGroupResourceId": { + "type": "string" + }, + "bastionHostName": { + "type": "string", + "defaultValue": "bastionHost" + }, + "bastionHostSubnetAddressPrefix": { + "type": "string", + "defaultValue": "10.0.100.160/27" + }, + "bastionHostPublicIPAddressName": { + "type": "string", + "defaultValue": "bastionHostPublicIPAddress" + }, + "bastionHostPublicIPAddressSkuName": { + "type": "string", + "defaultValue": "Standard" + }, + "bastionHostPublicIPAddressAllocationMethod": { + "type": "string", + "defaultValue": "Static" + }, + "bastionHostPublicIPAddressAvailabilityZones": { + "type": "array", + "defaultValue": [] + }, + "bastionHostIPConfigurationName": { + "type": "string", + "defaultValue": "bastionHostIPConfiguration" + }, + "linuxVmName": { + "type": "string", + "defaultValue": "linuxVirtualMachine" + }, + "linuxVmSize": { + "type": "string", + "defaultValue": "Standard_B2s" + }, + "linuxVmOsDiskCreateOption": { + "type": "string", + "defaultValue": "FromImage" + }, + "linuxVmOsDiskType": { + "type": "string", + "defaultValue": "Standard_LRS" + }, + "linuxVmImagePublisher": { + "type": "string", + "defaultValue": "Canonical" + }, + "linuxVmImageOffer": { + "type": "string", + "defaultValue": "UbuntuServer" + }, + "linuxVmImageSku": { + "type": "string", + "defaultValue": "18.04-LTS" + }, + "linuxVmImageVersion": { + "type": "string", + "defaultValue": "latest" + }, + "linuxVmAdminUsername": { + "type": "string", + "defaultValue": "azureuser" + }, + 
"linuxVmAuthenticationType": { + "type": "string", + "defaultValue": "password", + "allowedValues": [ + "sshPublicKey", + "password" + ] + }, + "linuxVmAdminPasswordOrKey": { + "type": "secureString", + "minLength": 14 + }, + "linuxVmNetworkInterfaceName": { + "type": "string", + "defaultValue": "linuxVmNetworkInterface" + }, + "linuxVmNetworkInterfaceIpConfigurationName": { + "type": "string", + "defaultValue": "linuxVmIpConfiguration" + }, + "linuxVmNetworkInterfacePrivateIPAddressAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic" + }, + "nowUtc": { + "type": "string", + "defaultValue": "[utcNow()]" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[format('deploy-remoteAccess-Example-{0}', parameters('nowUtc'))]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('location')]" + }, + "hubVirtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "hubSubnetResourceId": { + "value": "[parameters('hubSubnetResourceId')]" + }, + "hubNetworkSecurityGroupResourceId": { + "value": "[parameters('hubNetworkSecurityGroupResourceId')]" + }, + "bastionHostName": { + "value": "[parameters('bastionHostName')]" + }, + "bastionHostSubnetAddressPrefix": { + "value": "[parameters('bastionHostSubnetAddressPrefix')]" + }, + "bastionHostPublicIPAddressName": { + "value": "[parameters('bastionHostPublicIPAddressName')]" + }, + "bastionHostPublicIPAddressSkuName": { + "value": "[parameters('bastionHostPublicIPAddressSkuName')]" + }, + "bastionHostPublicIPAddressAllocationMethod": { + "value": "[parameters('bastionHostPublicIPAddressAllocationMethod')]" + }, + "bastionHostPublicIPAddressAvailabilityZones": { + "value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]" + }, + "bastionHostIPConfigurationName": { + "value": 
"[parameters('bastionHostIPConfigurationName')]" + }, + "linuxNetworkInterfaceIpConfigurationName": { + "value": "[parameters('linuxVmNetworkInterfaceIpConfigurationName')]" + }, + "linuxNetworkInterfacePrivateIPAddressAllocationMethod": { + "value": "[parameters('linuxVmNetworkInterfacePrivateIPAddressAllocationMethod')]" + }, + "linuxVmName": { + "value": "[parameters('linuxVmName')]" + }, + "linuxVmSize": { + "value": "[parameters('linuxVmSize')]" + }, + "linuxVmOsDiskCreateOption": { + "value": "[parameters('linuxVmOsDiskCreateOption')]" + }, + "linuxVmOsDiskType": { + "value": "[parameters('linuxVmOsDiskType')]" + }, + "linuxVmImagePublisher": { + "value": "[parameters('linuxVmImagePublisher')]" + }, + "linuxVmImageOffer": { + "value": "[parameters('linuxVmImageOffer')]" + }, + "linuxVmImageSku": { + "value": "[parameters('linuxVmImageSku')]" + }, + "linuxVmImageVersion": { + "value": "[parameters('linuxVmImageVersion')]" + }, + "linuxVmAdminUsername": { + "value": "[parameters('linuxVmAdminUsername')]" + }, + "linuxVmAuthenticationType": { + "value": "[parameters('linuxVmAuthenticationType')]" + }, + "linuxVmAdminPasswordOrKey": { + "value": "[parameters('linuxVmAdminPasswordOrKey')]" + }, + "linuxVmNetworkInterfaceName": { + "value": "[parameters('linuxVmNetworkInterfaceName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "1598061819862701326" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "hubVirtualNetworkName": { + "type": "string" + }, + "hubSubnetResourceId": { + "type": "string" + }, + "hubNetworkSecurityGroupResourceId": { + "type": "string" + }, + "bastionHostName": { + "type": "string" + }, + "bastionHostSubnetAddressPrefix": { + "type": "string" + }, + 
"bastionHostPublicIPAddressName": { + "type": "string" + }, + "bastionHostPublicIPAddressSkuName": { + "type": "string" + }, + "bastionHostPublicIPAddressAllocationMethod": { + "type": "string" + }, + "bastionHostPublicIPAddressAvailabilityZones": { + "type": "array" + }, + "bastionHostIPConfigurationName": { + "type": "string" + }, + "linuxVmName": { + "type": "string" + }, + "linuxVmSize": { + "type": "string" + }, + "linuxVmOsDiskCreateOption": { + "type": "string" + }, + "linuxVmOsDiskType": { + "type": "string" + }, + "linuxVmImagePublisher": { + "type": "string" + }, + "linuxVmImageOffer": { + "type": "string" + }, + "linuxVmImageSku": { + "type": "string" + }, + "linuxVmImageVersion": { + "type": "string" + }, + "linuxVmAdminUsername": { + "type": "string" + }, + "linuxVmAuthenticationType": { + "type": "string", + "allowedValues": [ + "sshPublicKey", + "password" + ] + }, + "linuxVmAdminPasswordOrKey": { + "type": "secureString" + }, + "linuxVmNetworkInterfaceName": { + "type": "string" + }, + "linuxNetworkInterfaceIpConfigurationName": { + "type": "string" + }, + "linuxNetworkInterfacePrivateIPAddressAllocationMethod": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "remoteAccess-bastionHost", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('bastionHostName')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "subnetAddressPrefix": { + "value": "[parameters('bastionHostSubnetAddressPrefix')]" + }, + "publicIPAddressName": { + "value": "[parameters('bastionHostPublicIPAddressName')]" + }, + "publicIPAddressSkuName": { + "value": "[parameters('bastionHostPublicIPAddressSkuName')]" + }, + 
"publicIPAddressAllocationMethod": { + "value": "[parameters('bastionHostPublicIPAddressAllocationMethod')]" + }, + "publicIPAddressAvailabilityZones": { + "value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]" + }, + "ipConfigurationName": { + "value": "[parameters('bastionHostIPConfigurationName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "10497818437168204965" + } + }, + "parameters": { + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "virtualNetworkName": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "publicIPAddressName": { + "type": "string" + }, + "publicIPAddressSkuName": { + "type": "string" + }, + "publicIPAddressAllocationMethod": { + "type": "string" + }, + "publicIPAddressAvailabilityZones": { + "type": "array" + }, + "ipConfigurationName": { + "type": "string" + } + }, + "functions": [], + "variables": { + "subnetName": "AzureBastionSubnet" + }, + "resources": [ + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2021-02-01", + "name": "[parameters('publicIPAddressName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "sku": { + "name": "[parameters('publicIPAddressSkuName')]" + }, + "properties": { + "publicIPAllocationMethod": "[parameters('publicIPAddressAllocationMethod')]" + }, + "zones": "[parameters('publicIPAddressAvailabilityZones')]" + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName'))]", + "properties": { + "addressPrefix": "[parameters('subnetAddressPrefix')]" + } + }, + { + "type": "Microsoft.Network/bastionHosts", + 
"apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "ipConfigurations": [ + { + "name": "[parameters('ipConfigurationName')]", + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]" + }, + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddressName'))]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]" + ] + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "remoteAccess-linuxNetworkInterface", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('linuxVmNetworkInterfaceName')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "ipConfigurationName": { + "value": "[parameters('linuxNetworkInterfaceIpConfigurationName')]" + }, + "networkSecurityGroupId": { + "value": "[parameters('hubNetworkSecurityGroupResourceId')]" + }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('linuxNetworkInterfacePrivateIPAddressAllocationMethod')]" + }, + "subnetId": { + "value": "[parameters('hubSubnetResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + 
"contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "14459425343428091407" + } + }, + "parameters": { + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "ipConfigurationName": { + "type": "string" + }, + "subnetId": { + "type": "string" + }, + "networkSecurityGroupId": { + "type": "string" + }, + "privateIPAddressAllocationMethod": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "ipConfigurations": [ + { + "name": "[parameters('ipConfigurationName')]", + "properties": { + "subnet": { + "id": "[parameters('subnetId')]" + }, + "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + } + } + ], + "networkSecurityGroup": { + "id": "[parameters('networkSecurityGroupId')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "remoteAccess-linuxVirtualMachine", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('linuxVmName')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "vmSize": { + "value": "[parameters('linuxVmSize')]" + }, + "osDiskCreateOption": { + "value": "[parameters('linuxVmOsDiskCreateOption')]" + }, + "osDiskType": { + "value": "[parameters('linuxVmOsDiskType')]" + }, + "vmImagePublisher": { + "value": 
"[parameters('linuxVmImagePublisher')]" + }, + "vmImageOffer": { + "value": "[parameters('linuxVmImageOffer')]" + }, + "vmImageSku": { + "value": "[parameters('linuxVmImageSku')]" + }, + "vmImageVersion": { + "value": "[parameters('linuxVmImageVersion')]" + }, + "adminUsername": { + "value": "[parameters('linuxVmAdminUsername')]" + }, + "authenticationType": { + "value": "[parameters('linuxVmAuthenticationType')]" + }, + "adminPasswordOrKey": { + "value": "[parameters('linuxVmAdminPasswordOrKey')]" + }, + "networkInterfaceName": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2019-10-01').outputs.name.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "3696027585532491981" + } + }, + "parameters": { + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "networkInterfaceName": { + "type": "string" + }, + "vmSize": { + "type": "string" + }, + "osDiskCreateOption": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "vmImagePublisher": { + "type": "string" + }, + "vmImageOffer": { + "type": "string" + }, + "vmImageSku": { + "type": "string" + }, + "vmImageVersion": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "authenticationType": { + "type": "string", + "allowedValues": [ + "sshPublicKey", + "password" + ] + }, + "adminPasswordOrKey": { + "type": "secureString" + } + }, + "functions": [], + "variables": { + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername'))]", + "keyData": "[parameters('adminPasswordOrKey')]" + } + ] + } + } + }, + "resources": [ + 
{ + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-02-01", + "name": "[parameters('networkInterfaceName')]" + }, + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2020-06-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "storageProfile": { + "osDisk": { + "createOption": "[parameters('osDiskCreateOption')]", + "managedDisk": { + "storageAccountType": "[parameters('osDiskType')]" + } + }, + "imageReference": { + "publisher": "[parameters('vmImagePublisher')]", + "offer": "[parameters('vmImageOffer')]", + "sku": "[parameters('vmImageSku')]", + "version": "[parameters('vmImageVersion')]" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]" + } + ] + }, + "osProfile": { + "computerName": "[parameters('name')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPasswordOrKey')]", + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]" + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]" + ] + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + }, + "authenticationType": { + "type": "string", + "value": "[parameters('authenticationType')]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface')]" + ] + } + ] + } + } + } + ] +} \ No newline at end of file diff --git a/src/bicep/examples/remoteAccess/remoteAccess.bicep b/src/bicep/examples/remoteAccess/remoteAccess.bicep deleted file mode 100644 index e0186818a..000000000 --- a/src/bicep/examples/remoteAccess/remoteAccess.bicep +++ /dev/null 
@@ -1,91 +0,0 @@ -param location string = resourceGroup().location -param tags object = { - 'resourceIdentifier': resourceIdentifier -} - -param hubVirtualNetworkName string -param hubSubnetResourceId string -param hubNetworkSecurityGroupResourceId string - -param bastionHostName string = 'bastionHost' -param bastionHostSubnetAddressPrefix string = '10.0.100.160/27' -param bastionHostPublicIPAddressName string = 'bastionHostPublicIPAddress' -param bastionHostPublicIPAddressSkuName string = 'Standard' -param bastionHostPublicIPAddressAllocationMethod string = 'Static' -param bastionHostPublicIPAddressAvailabilityZones array = [] -param bastionHostIPConfigurationName string = 'bastionHostIPConfiguration' - -param linuxVmName string = 'linuxVirtualMachine' -param linuxVmSize string = 'Standard_B2s' -param linuxVmOsDiskCreateOption string = 'FromImage' -param linuxVmOsDiskType string = 'Standard_LRS' -param linuxVmImagePublisher string = 'Canonical' -param linuxVmImageOffer string = 'UbuntuServer' -param linuxVmImageSku string = '18.04-LTS' -param linuxVmImageVersion string = 'latest' -param linuxVmAdminUsername string = 'azureuser' - -@allowed([ - 'sshPublicKey' - 'password' -]) -param linuxVmAuthenticationType string = 'password' -@secure() -param linuxVmAdminPasswordOrKey string - -param linuxVmNetworkInterfaceName string = 'linuxVmNetworkInterface' -param linuxVmNetworkInterfaceIpConfigurationName string = 'linuxVmIpConfiguration' -param linuxVmNetworkInterfacePrivateIPAddressAllocationMethod string = 'Dynamic' - -param resourceIdentifier string = '${bastionHostName}${uniqueString(bastionHostName)}' - -resource hubVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' existing = { - name: hubVirtualNetworkName -} - -module bastionHost './modules/bastionHost.bicep' = { - name: 'bastionHost' - - params: { - name: bastionHostName - location: location - tags: tags - - virtualNetworkName: hubVirtualNetwork.name - subnetAddressPrefix: 
bastionHostSubnetAddressPrefix - publicIPAddressName: bastionHostPublicIPAddressName - publicIPAddressSkuName: bastionHostPublicIPAddressSkuName - publicIPAddressAllocationMethod: bastionHostPublicIPAddressAllocationMethod - publicIPAddressAvailabilityZones: bastionHostPublicIPAddressAvailabilityZones - ipConfigurationName: bastionHostIPConfigurationName - } -} - -module linuxVirtualMachine './modules/linuxVirtualMachine.bicep' = { - name: 'linuxVirtualMachine' - params: { - name: linuxVmName - location: location - tags: tags - - vmSize: linuxVmSize - - osDiskCreateOption: linuxVmOsDiskCreateOption - osDiskType: linuxVmOsDiskType - - vmImagePublisher: linuxVmImagePublisher - vmImageOffer: linuxVmImageOffer - vmImageSku: linuxVmImageSku - vmImageVersion: linuxVmImageVersion - - adminUsername: linuxVmAdminUsername - authenticationType: linuxVmAuthenticationType - adminPasswordOrKey: linuxVmAdminPasswordOrKey - - networkInterfaceName: linuxVmNetworkInterfaceName - networkInterfaceIpConfigurationName: linuxVmNetworkInterfaceIpConfigurationName - networkInterfaceSubnetId: hubSubnetResourceId - networkInterfaceNetworkSecurityGroupId: hubNetworkSecurityGroupResourceId - networkInterfacePrivateIPAddressAllocationMethod: linuxVmNetworkInterfacePrivateIPAddressAllocationMethod - } -} diff --git a/src/bicep/examples/remoteAccess/remoteAccess.json b/src/bicep/examples/remoteAccess/remoteAccess.json deleted file mode 100644 index 8b44cf39c..000000000 --- a/src/bicep/examples/remoteAccess/remoteAccess.json +++ /dev/null 
@@ -1,575 +0,0 @@ -{ - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "13795809089032296927" - } - }, - "parameters": { - "location": { - "type": "string", - "defaultValue": "[resourceGroup().location]" - }, - "tags": { - "type": "object", - "defaultValue": { - "resourceIdentifier": "[parameters('resourceIdentifier')]" - } - }, - "hubVirtualNetworkName": { - "type": "string" - }, - "hubSubnetResourceId": { - "type": "string" - }, - "hubNetworkSecurityGroupResourceId": { - "type": "string" - }, - "bastionHostName": { - "type": "string", - "defaultValue": "bastionHost" - }, - "bastionHostSubnetAddressPrefix": { - "type": "string", - "defaultValue": "10.0.100.160/27" - }, - "bastionHostPublicIPAddressName": { - "type": "string", - "defaultValue": "bastionHostPublicIPAddress" - }, - "bastionHostPublicIPAddressSkuName": { - "type": "string", - "defaultValue": "Standard" - }, - "bastionHostPublicIPAddressAllocationMethod": { - "type": "string", - "defaultValue": "Static" - }, - "bastionHostPublicIPAddressAvailabilityZones": { - "type": "array", - "defaultValue": [] - }, - "bastionHostIPConfigurationName": { - "type": "string", - "defaultValue": "bastionHostIPConfiguration" - }, - "linuxVmName": { - "type": "string", - "defaultValue": "linuxVirtualMachine" - }, - "linuxVmSize": { - "type": "string", - "defaultValue": "Standard_B2s" - }, - "linuxVmOsDiskCreateOption": { - "type": "string", - "defaultValue": "FromImage" - }, - "linuxVmOsDiskType": { - "type": "string", - "defaultValue": "Standard_LRS" - }, - "linuxVmImagePublisher": { - "type": "string", - "defaultValue": "Canonical" - }, - "linuxVmImageOffer": { - "type": "string", - "defaultValue": "UbuntuServer" - }, - "linuxVmImageSku": { - "type": "string", - "defaultValue": "18.04-LTS" - }, - "linuxVmImageVersion": { - "type": "string", - 
"defaultValue": "latest" - }, - "linuxVmAdminUsername": { - "type": "string", - "defaultValue": "azureuser" - }, - "linuxVmAuthenticationType": { - "type": "string", - "defaultValue": "password", - "allowedValues": [ - "sshPublicKey", - "password" - ] - }, - "linuxVmAdminPasswordOrKey": { - "type": "secureString" - }, - "linuxVmNetworkInterfaceName": { - "type": "string", - "defaultValue": "linuxVmNetworkInterface" - }, - "linuxVmNetworkInterfaceIpConfigurationName": { - "type": "string", - "defaultValue": "linuxVmIpConfiguration" - }, - "linuxVmNetworkInterfacePrivateIPAddressAllocationMethod": { - "type": "string", - "defaultValue": "Dynamic" - }, - "resourceIdentifier": { - "type": "string", - "defaultValue": "[format('{0}{1}', parameters('bastionHostName'), uniqueString(parameters('bastionHostName')))]" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "bastionHost", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('bastionHostName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "virtualNetworkName": { - "value": "[parameters('hubVirtualNetworkName')]" - }, - "subnetAddressPrefix": { - "value": "[parameters('bastionHostSubnetAddressPrefix')]" - }, - "publicIPAddressName": { - "value": "[parameters('bastionHostPublicIPAddressName')]" - }, - "publicIPAddressSkuName": { - "value": "[parameters('bastionHostPublicIPAddressSkuName')]" - }, - "publicIPAddressAllocationMethod": { - "value": "[parameters('bastionHostPublicIPAddressAllocationMethod')]" - }, - "publicIPAddressAvailabilityZones": { - "value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]" - }, - "ipConfigurationName": { - "value": "[parameters('bastionHostIPConfigurationName')]" - } - }, - "template": { - "$schema": 
"https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "12529932093057780596" - } - }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "virtualNetworkName": { - "type": "string" - }, - "subnetAddressPrefix": { - "type": "string" - }, - "publicIPAddressName": { - "type": "string" - }, - "publicIPAddressSkuName": { - "type": "string" - }, - "publicIPAddressAllocationMethod": { - "type": "string" - }, - "publicIPAddressAvailabilityZones": { - "type": "array" - }, - "ipConfigurationName": { - "type": "string" - } - }, - "functions": [], - "variables": { - "subnetName": "AzureBastionSubnet" - }, - "resources": [ - { - "type": "Microsoft.Network/publicIPAddresses", - "apiVersion": "2021-02-01", - "name": "[parameters('publicIPAddressName')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "sku": { - "name": "[parameters('publicIPAddressSkuName')]" - }, - "properties": { - "publicIPAllocationMethod": "[parameters('publicIPAddressAllocationMethod')]" - }, - "zones": "[parameters('publicIPAddressAvailabilityZones')]" - }, - { - "type": "Microsoft.Network/virtualNetworks/subnets", - "apiVersion": "2021-02-01", - "name": "[format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName'))]", - "properties": { - "addressPrefix": "[parameters('subnetAddressPrefix')]" - } - }, - { - "type": "Microsoft.Network/bastionHosts", - "apiVersion": "2021-02-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "ipConfigurations": [ - { - "name": "[parameters('ipConfigurationName')]", - "properties": { - "subnet": { - "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', 
parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]" - }, - "publicIPAddress": { - "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddressName'))]" - } - } - } - ] - }, - "dependsOn": [ - "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddressName'))]", - "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]" - ] - } - ] - } - } - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "linuxVirtualMachine", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('linuxVmName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "vmSize": { - "value": "[parameters('linuxVmSize')]" - }, - "osDiskCreateOption": { - "value": "[parameters('linuxVmOsDiskCreateOption')]" - }, - "osDiskType": { - "value": "[parameters('linuxVmOsDiskType')]" - }, - "vmImagePublisher": { - "value": "[parameters('linuxVmImagePublisher')]" - }, - "vmImageOffer": { - "value": "[parameters('linuxVmImageOffer')]" - }, - "vmImageSku": { - "value": "[parameters('linuxVmImageSku')]" - }, - "vmImageVersion": { - "value": "[parameters('linuxVmImageVersion')]" - }, - "adminUsername": { - "value": "[parameters('linuxVmAdminUsername')]" - }, - "authenticationType": { - "value": "[parameters('linuxVmAuthenticationType')]" - }, - "adminPasswordOrKey": { - "value": "[parameters('linuxVmAdminPasswordOrKey')]" - }, - "networkInterfaceName": { - "value": "[parameters('linuxVmNetworkInterfaceName')]" - }, - "networkInterfaceIpConfigurationName": { - "value": 
"[parameters('linuxVmNetworkInterfaceIpConfigurationName')]" - }, - "networkInterfaceSubnetId": { - "value": "[parameters('hubSubnetResourceId')]" - }, - "networkInterfaceNetworkSecurityGroupId": { - "value": "[parameters('hubNetworkSecurityGroupResourceId')]" - }, - "networkInterfacePrivateIPAddressAllocationMethod": { - "value": "[parameters('linuxVmNetworkInterfacePrivateIPAddressAllocationMethod')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "433687360083107227" - } - }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "vmSize": { - "type": "string" - }, - "osDiskCreateOption": { - "type": "string" - }, - "osDiskType": { - "type": "string" - }, - "vmImagePublisher": { - "type": "string" - }, - "vmImageOffer": { - "type": "string" - }, - "vmImageSku": { - "type": "string" - }, - "vmImageVersion": { - "type": "string" - }, - "adminUsername": { - "type": "string" - }, - "authenticationType": { - "type": "string", - "defaultValue": "password", - "allowedValues": [ - "sshPublicKey", - "password" - ] - }, - "adminPasswordOrKey": { - "type": "secureString" - }, - "networkInterfaceName": { - "type": "string" - }, - "networkInterfaceIpConfigurationName": { - "type": "string" - }, - "networkInterfaceSubnetId": { - "type": "string" - }, - "networkInterfaceNetworkSecurityGroupId": { - "type": "string" - }, - "networkInterfacePrivateIPAddressAllocationMethod": { - "type": "string" - } - }, - "functions": [], - "variables": { - "linuxConfiguration": { - "disablePasswordAuthentication": true, - "ssh": { - "publicKeys": [ - { - "path": "[format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername'))]", - "keyData": "[parameters('adminPasswordOrKey')]" - } - ] - 
} - } - }, - "resources": [ - { - "type": "Microsoft.Compute/virtualMachines", - "apiVersion": "2020-06-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "properties": { - "hardwareProfile": { - "vmSize": "[parameters('vmSize')]" - }, - "storageProfile": { - "osDisk": { - "createOption": "[parameters('osDiskCreateOption')]", - "managedDisk": { - "storageAccountType": "[parameters('osDiskType')]" - } - }, - "imageReference": { - "publisher": "[parameters('vmImagePublisher')]", - "offer": "[parameters('vmImageOffer')]", - "sku": "[parameters('vmImageSku')]", - "version": "[parameters('vmImageVersion')]" - } - }, - "networkProfile": { - "networkInterfaces": [ - { - "id": "[reference(resourceId('Microsoft.Resources/deployments', 'networkInterface'), '2019-10-01').outputs.id.value]" - } - ] - }, - "osProfile": { - "computerName": "[parameters('name')]", - "adminUsername": "[parameters('adminUsername')]", - "adminPassword": "[parameters('adminPasswordOrKey')]", - "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]" - } - }, - "dependsOn": [ - "[resourceId('Microsoft.Resources/deployments', 'networkInterface')]" - ] - }, - { - "type": "Microsoft.Resources/deployments", - "apiVersion": "2019-10-01", - "name": "networkInterface", - "properties": { - "expressionEvaluationOptions": { - "scope": "inner" - }, - "mode": "Incremental", - "parameters": { - "name": { - "value": "[parameters('networkInterfaceName')]" - }, - "location": { - "value": "[parameters('location')]" - }, - "tags": { - "value": "[parameters('tags')]" - }, - "ipConfigurationName": { - "value": "[parameters('networkInterfaceIpConfigurationName')]" - }, - "subnetId": { - "value": "[parameters('networkInterfaceSubnetId')]" - }, - "networkSecurityGroupId": { - "value": "[parameters('networkInterfaceNetworkSecurityGroupId')]" - }, - "privateIPAddressAllocationMethod": { - "value": 
"[parameters('networkInterfacePrivateIPAddressAllocationMethod')]" - } - }, - "template": { - "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", - "contentVersion": "1.0.0.0", - "metadata": { - "_generator": { - "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "12719800688140511850" - } - }, - "parameters": { - "name": { - "type": "string" - }, - "location": { - "type": "string" - }, - "tags": { - "type": "object", - "defaultValue": {} - }, - "ipConfigurationName": { - "type": "string" - }, - "subnetId": { - "type": "string" - }, - "networkSecurityGroupId": { - "type": "string" - }, - "privateIPAddressAllocationMethod": { - "type": "string" - } - }, - "functions": [], - "resources": [ - { - "type": "Microsoft.Network/networkInterfaces", - "apiVersion": "2021-02-01", - "name": "[parameters('name')]", - "location": "[parameters('location')]", - "tags": "[parameters('tags')]", - "properties": { - "ipConfigurations": [ - { - "name": "[parameters('ipConfigurationName')]", - "properties": { - "subnet": { - "id": "[parameters('subnetId')]" - }, - "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" - } - } - ], - "networkSecurityGroup": { - "id": "[parameters('networkSecurityGroupId')]" - } - } - } - ], - "outputs": { - "id": { - "type": "string", - "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" - } - } - } - } - } - ], - "outputs": { - "adminUsername": { - "type": "string", - "value": "[parameters('adminUsername')]" - }, - "authenticationType": { - "type": "string", - "value": "[parameters('authenticationType')]" - } - } - } - } - } - ] -} \ No newline at end of file diff --git a/src/bicep/mlz.bicep b/src/bicep/mlz.bicep index 2fddb9c7a..703147fdc 100644 --- a/src/bicep/mlz.bicep +++ b/src/bicep/mlz.bicep 
@@ -197,7 +197,7 @@ module sharedServices './modules/spokeNetwork.bicep' = { } } -// peering +//// peering module hubVirtualNetworkPeerings './modules/hubNetworkPeerings.bicep' = { name: 'deploy-hub-peerings-${nowUtc}' 
@@ -252,7 +252,129 @@ module sharedServicesVirtualNetworkPeering './modules/spokeNetworkPeering.bicep' } } +//// policy + +module hubPolicyAssignment './modules/policyAssignment.bicep' = { + name: 'assign-policy-${hubResourceGroupName}' + scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) + params: { + builtInAssignment: policy + logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name + logAnalyticsWorkspaceResourceGroupName: operationsResourceGroup.outputs.name + operationsSubscriptionId: operationsSubscriptionId + } +} + +module operationsPolicyAssignment './modules/policyAssignment.bicep' = { + name: 'assign-policy-${operationsResourceGroupName}' + scope: resourceGroup(operationsSubscriptionId, operationsResourceGroupName) + params: { + builtInAssignment: policy + logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name + logAnalyticsWorkspaceResourceGroupName: operationsResourceGroup.outputs.name + operationsSubscriptionId: operationsSubscriptionId + } +} + +module sharedServicesPolicyAssignment './modules/policyAssignment.bicep' = { + name: 'assign-policy-${sharedServicesResourceGroupName}' + scope: resourceGroup(sharedServicesSubscriptionId, sharedServicesResourceGroupName) + params: { + builtInAssignment: policy + logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name + logAnalyticsWorkspaceResourceGroupName: operationsResourceGroup.outputs.name + operationsSubscriptionId: operationsSubscriptionId + } +} + +module identityPolicyAssignment './modules/policyAssignment.bicep' = { + name: 'assign-policy-${identityResourceGroupName}' + scope: resourceGroup(identitySubscriptionId, identityResourceGroupName) + params: { + builtInAssignment: policy + logAnalyticsWorkspaceName: logAnalyticsWorkspace.outputs.name + logAnalyticsWorkspaceResourceGroupName: operationsResourceGroup.outputs.name + operationsSubscriptionId: operationsSubscriptionId + } +} + +module hubSubscriptionCreateActivityLogging './modules/centralLogging.bicep' = { + name: 
'deploy-hub-sub-activity-logging' + scope: subscription(hubSubscriptionId) + params: { + diagnosticSettingName: 'log-hub-sub-activity-to-${logAnalyticsWorkspace.outputs.name}' + logAnalyticsWorkspaceId: logAnalyticsWorkspace.outputs.id + } +} + +module operationsSubscriptionCreateActivityLogging './modules/centralLogging.bicep' = if(hubSubscriptionId != operationsSubscriptionId) { + name: 'deploy-operations-sub-activity-logging' + scope: subscription(operationsSubscriptionId) + params: { + diagnosticSettingName: 'log-operations-sub-activity-to-${logAnalyticsWorkspace.outputs.name}' + logAnalyticsWorkspaceId: logAnalyticsWorkspace.outputs.id + } +} + +module identitySubscriptionCreateActivityLogging './modules/centralLogging.bicep' = if(hubSubscriptionId != identitySubscriptionId) { + name: 'deploy-identity-sub-activity-logging' + scope: subscription(identitySubscriptionId) + params: { + diagnosticSettingName: 'log-identity-sub-activity-to-${logAnalyticsWorkspace.outputs.name}' + logAnalyticsWorkspaceId: logAnalyticsWorkspace.outputs.id + } +} + +module sharedServicesSubscriptionCreateActivityLogging './modules/centralLogging.bicep' = if(hubSubscriptionId != sharedServicesSubscriptionId) { + name: 'deploy-sharedServices-sub-activity-logging' + scope: subscription(sharedServicesSubscriptionId) + params: { + diagnosticSettingName: 'log-sharedServices-sub-activity-to-${logAnalyticsWorkspace.outputs.name}' + logAnalyticsWorkspaceId: logAnalyticsWorkspace.outputs.id + } +} + +//// remote access + +module remoteAccess './modules/remoteAccess.bicep' = if(deployRemoteAccess) { + name: 'deploy-remote-access-${nowUtc}' + scope: resourceGroup(hubSubscriptionId, hubResourceGroupName) + + params: { + location: hubLocation + + hubVirtualNetworkName: hub.outputs.virtualNetworkName + hubSubnetResourceId: hub.outputs.subnetResourceId + hubNetworkSecurityGroupResourceId: hub.outputs.networkSecurityGroupResourceId + + bastionHostName: bastionHostName + bastionHostSubnetAddressPrefix: 
bastionHostSubnetAddressPrefix + bastionHostPublicIPAddressName: bastionHostPublicIPAddressName + bastionHostPublicIPAddressSkuName: bastionHostPublicIPAddressSkuName + bastionHostPublicIPAddressAllocationMethod: bastionHostPublicIPAddressAllocationMethod + bastionHostPublicIPAddressAvailabilityZones: bastionHostPublicIPAddressAvailabilityZones + bastionHostIPConfigurationName: bastionHostIPConfigurationName + + linuxNetworkInterfaceIpConfigurationName: linuxNetworkInterfaceIpConfigurationName + linuxNetworkInterfacePrivateIPAddressAllocationMethod: linuxNetworkInterfacePrivateIPAddressAllocationMethod + + linuxVmName: linuxVmName + linuxVmSize: linuxVmSize + linuxVmOsDiskCreateOption: linuxVmOsDiskCreateOption + linuxVmOsDiskType: linuxVmOsDiskType + linuxVmImagePublisher: linuxVmImagePublisher + linuxVmImageOffer: linuxVmImageOffer + linuxVmImageSku: linuxVmImageSku + linuxVmImageVersion: linuxVmImageVersion + linuxVmAdminUsername: linuxVmAdminUsername + linuxVmAuthenticationType: linuxVmAuthenticationType + linuxVmAdminPasswordOrKey: linuxVmAdminPasswordOrKey + linuxVmNetworkInterfaceName: linuxVmNetworkInterfaceName + } +} + // parameters + @minLength(3) @maxLength(24) @description('A name (3-24 alphanumeric characters in length without whitespace) used to prefix resources and generate uniqueness for resources with globally unique naming requirements like Storage Accounts and Log Analytics Workspaces') @@ -312,7 +434,6 @@ param identityVirtualNetworkDiagnosticsLogs array = [] param identityVirtualNetworkDiagnosticsMetrics array = [] param identityNetworkSecurityGroupName string = replace(hubNetworkSecurityGroupName, 'hub', 'identity') param identityNetworkSecurityGroupRules array = [] - param identitySubnetServiceEndpoints array = [] param identityLogStorageAccountName string = toLower(take('idlogs${uniqueId}', 24)) param identityLogStorageSkuName string = hubLogStorageSkuName 
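Review bot: The three conditional `*SubscriptionCreateActivityLogging` modules each compare their subscription only with `hubSubscriptionId`. When operations, identity and shared services share one subscription that differs from the hub, that subscription gets three diagnostic settings pointing at the same Log Analytics workspace. Depending on how `centralLogging.bicep` (not part of this diff) declares the setting, that will probably either fail the deployment or duplicate the activity-log records. Each condition should also exclude the subscriptions already covered, for example `if(identitySubscriptionId != hubSubscriptionId && identitySubscriptionId != operationsSubscriptionId)` for identity, and the equivalent check against hub, operations and identity for shared services. Separately, the four `*PolicyAssignment` modules in this hunk run unconditionally with `builtInAssignment: policy`, whose default is `''`; if `policyAssignment.bicep` treats the empty value as "assign nothing", a comment such as `// policy == '' assigns no initiative` above the `//// policy` block would say so.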
@@ -346,11 +467,50 @@ param sharedServicesLogStorageAccountName string = toLower(take('shrdSvclogs${un param sharedServicesLogStorageSkuName string = hubLogStorageSkuName param logAnalyticsWorkspaceName string = take('${resourcePrefix}-laws', 63) -param logAnalyticsWorkspaceLocation string = sharedServicesLocation +param logAnalyticsWorkspaceLocation string = operationsLocation param logAnalyticsWorkspaceCappingDailyQuotaGb int = -1 param logAnalyticsWorkspaceRetentionInDays int = 30 param logAnalyticsWorkspaceSkuName string = 'PerGB2018' +@allowed([ + 'NIST' + 'IL5' // Gov cloud only, trying to deploy IL5 in AzureCloud will switch to NIST + 'CMMC' + '' +]) +@description('Built-in policy assignments to assign, default is none. [NIST/IL5/CMMC] IL5 is only availalbe for GOV cloud and will switch to NIST if tried in AzureCloud.') +param policy string = '' + +@description('Provision Azure Bastion Host and jumpboxes in this deployment') +param deployRemoteAccess bool = false +param bastionHostName string = 'bastionHost' +param bastionHostSubnetAddressPrefix string = '10.0.100.160/27' +param bastionHostPublicIPAddressName string = 'bastionHostPublicIPAddress' +param bastionHostPublicIPAddressSkuName string = 'Standard' +param bastionHostPublicIPAddressAllocationMethod string = 'Static' +param bastionHostPublicIPAddressAvailabilityZones array = [] +param bastionHostIPConfigurationName string = 'bastionHostIPConfiguration' +param linuxVmName string = 'linuxVirtualMachine' +param linuxVmSize string = 'Standard_B2s' +param linuxVmOsDiskCreateOption string = 'FromImage' +param linuxVmOsDiskType string = 'Standard_LRS' +param linuxVmImagePublisher string = 'Canonical' +param linuxVmImageOffer string = 'UbuntuServer' +param linuxVmImageSku string = '18.04-LTS' +param linuxVmImageVersion string = 'latest' +param linuxVmAdminUsername string = 'azureuser' +@allowed([ + 'sshPublicKey' + 'password' +]) +param linuxVmAuthenticationType string = 'password' +@secure() +@minLength(14) 
+param linuxVmAdminPasswordOrKey string = deployRemoteAccess ? '' : newGuid() +param linuxVmNetworkInterfaceName string = 'linuxVmNetworkInterface' +param linuxNetworkInterfaceIpConfigurationName string = 'linuxVmIpConfiguration' +param linuxNetworkInterfacePrivateIPAddressAllocationMethod string = 'Dynamic' + param tags object = { 'resourcePrefix': resourcePrefix } @@ -359,6 +519,7 @@ param uniqueId string = uniqueString(deployment().name) param nowUtc string = utcNow() // outputs + output hubSubscriptionId string = hubSubscriptionId output hubResourceGroupName string = hubResourceGroup.outputs.name output hubResourceGroupResourceId string = hubResourceGroup.outputs.id diff --git a/src/bicep/mlz.json b/src/bicep/mlz.json index 5f6e9a2b3..c29eb9668 100644 --- a/src/bicep/mlz.json +++ b/src/bicep/mlz.json @@ -4,8 +4,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "577182744064832528" + "version": "0.4.613.9944", + "templateHash": "3895776258968515169" } }, "parameters": { @@ -324,7 +324,7 @@ }, "logAnalyticsWorkspaceLocation": { "type": "string", - "defaultValue": "[parameters('sharedServicesLocation')]" + "defaultValue": "[parameters('operationsLocation')]" }, "logAnalyticsWorkspaceCappingDailyQuotaGb": { "type": "int", 
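Review bot: `linuxVmAuthenticationType` defaults to `'password'`, so a jumpbox deployed with only `deployRemoteAccess=true` and a credential presumably ends up with password login enabled (the VM module itself is not in this diff). Defaulting to `'sshPublicKey'` would make key-based login the normal path and password an explicit opt-in. The default on `linuxVmAdminPasswordOrKey`, `deployRemoteAccess ? '' : newGuid()`, appears to rely on the empty string failing `@minLength(14)` to force callers to supply a value, with the GUID acting as a placeholder when no VM is created. None of that is stated and the parameter has no `@description`. I would add `@description('Admin password or SSH public key for the jumpbox; must be supplied when deployRemoteAccess is true')` and a one-line comment explaining the sentinel default. The `policy` description in the same hunk misspells "available" as "availalbe", and the typo is carried into the generated `mlz.json`.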
@@ -338,6 +338,115 @@ "type": "string", "defaultValue": "PerGB2018" }, + "policy": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "Built-in policy assignments to assign, default is none. [NIST/IL5/CMMC] IL5 is only availalbe for GOV cloud and will switch to NIST if tried in AzureCloud." + }, + "allowedValues": [ + "NIST", + "IL5", + "CMMC", + "" + ] + }, + "deployRemoteAccess": { + "type": "bool", + "defaultValue": false, + "metadata": { + "description": "Provision Azure Bastion Host and jumpboxes in this deployment" + } + }, + "bastionHostName": { + "type": "string", + "defaultValue": "bastionHost" + }, + "bastionHostSubnetAddressPrefix": { + "type": "string", + "defaultValue": "10.0.100.160/27" + }, + "bastionHostPublicIPAddressName": { + "type": "string", + "defaultValue": "bastionHostPublicIPAddress" + }, + "bastionHostPublicIPAddressSkuName": { + "type": "string", + "defaultValue": "Standard" + }, + "bastionHostPublicIPAddressAllocationMethod": { + "type": "string", + "defaultValue": "Static" + }, + "bastionHostPublicIPAddressAvailabilityZones": { + "type": "array", + "defaultValue": [] + }, + "bastionHostIPConfigurationName": { + "type": "string", + "defaultValue": "bastionHostIPConfiguration" + }, + "linuxVmName": { + "type": "string", + "defaultValue": "linuxVirtualMachine" + }, + "linuxVmSize": { + "type": "string", + "defaultValue": "Standard_B2s" + }, + "linuxVmOsDiskCreateOption": { + "type": "string", + "defaultValue": "FromImage" + }, + "linuxVmOsDiskType": { + "type": "string", + "defaultValue": "Standard_LRS" + }, + "linuxVmImagePublisher": { + "type": "string", + "defaultValue": "Canonical" + }, + "linuxVmImageOffer": { + "type": "string", + "defaultValue": "UbuntuServer" + }, + "linuxVmImageSku": { + "type": "string", + "defaultValue": "18.04-LTS" + }, + "linuxVmImageVersion": { + "type": "string", + "defaultValue": "latest" + }, + "linuxVmAdminUsername": { + "type": "string", + "defaultValue": "azureuser" + }, + 
"linuxVmAuthenticationType": { + "type": "string", + "defaultValue": "password", + "allowedValues": [ + "sshPublicKey", + "password" + ] + }, + "linuxVmAdminPasswordOrKey": { + "type": "secureString", + "defaultValue": "[if(parameters('deployRemoteAccess'), '', newGuid())]", + "minLength": 14 + }, + "linuxVmNetworkInterfaceName": { + "type": "string", + "defaultValue": "linuxVmNetworkInterface" + }, + "linuxNetworkInterfaceIpConfigurationName": { + "type": "string", + "defaultValue": "linuxVmIpConfiguration" + }, + "linuxNetworkInterfacePrivateIPAddressAllocationMethod": { + "type": "string", + "defaultValue": "Dynamic" + }, "tags": { "type": "object", "defaultValue": { @@ -387,8 +496,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4391723078931511573" + "version": "0.4.613.9944", + "templateHash": "2597065260920167442" } }, "parameters": { @@ -407,7 +516,7 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2021-04-01", + "apiVersion": "2019-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" @@ -454,8 +563,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4391723078931511573" + "version": "0.4.613.9944", + "templateHash": "2597065260920167442" } }, "parameters": { @@ -474,7 +583,7 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2021-04-01", + "apiVersion": "2019-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" @@ -521,8 +630,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4391723078931511573" + "version": "0.4.613.9944", + "templateHash": "2597065260920167442" } }, "parameters": { 
@@ -541,7 +650,7 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2021-04-01", + "apiVersion": "2019-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" @@ -588,8 +697,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4391723078931511573" + "version": "0.4.613.9944", + "templateHash": "2597065260920167442" } }, "parameters": { @@ -608,7 +717,7 @@ "resources": [ { "type": "Microsoft.Resources/resourceGroups", - "apiVersion": "2021-04-01", + "apiVersion": "2019-05-01", "name": "[parameters('name')]", "location": "[parameters('location')]", "tags": "[parameters('tags')]" @@ -664,8 +773,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "3654750523315639217" + "version": "0.4.613.9944", + "templateHash": "1135244664014368490" } }, "parameters": { @@ -690,6 +799,10 @@ "workspaceCappingDailyQuotaGb": { "type": "int", "defaultValue": -1 + }, + "deploySentinel": { + "type": "bool", + "defaultValue": false } }, "functions": [], 
@@ -709,6 +822,74 @@ "dailyQuotaGb": "[parameters('workspaceCappingDailyQuotaGb')]" } } + }, + { + "condition": "[parameters('deploySentinel')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "sentinelSolution", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "workspaceName": { + "value": "[parameters('name')]" + }, + "workspaceLocation": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "13919557056268320158" + } + }, + "parameters": { + "workspaceName": { + "type": "string" + }, + "workspaceLocation": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.OperationsManagement/solutions", + "apiVersion": "2015-11-01-preview", + "name": "[format('SecurityInsights({0})', parameters('workspaceName'))]", + "location": "[parameters('workspaceLocation')]", + "tags": "[parameters('tags')]", + "properties": { + "workspaceResourceId": "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('workspaceName'))]" + }, + "plan": { + "name": "[format('SecurityInsights({0})', parameters('workspaceName'))]", + "publisher": "Microsoft", + "product": "OMSGallery/SecurityInsights", + "promotionCode": "" + } + } + ] + } + }, + "dependsOn": [ + "[resourceId('Microsoft.OperationalInsights/workspaces', parameters('name'))]" + ] } ], "outputs": { @@ -848,8 +1029,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "7795182658623507493" + "version": "0.4.613.9944", + "templateHash": "11367184292724438005" } }, "parameters": { 
@@ -1070,8 +1251,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "7478919688835670168" + "version": "0.4.613.9944", + "templateHash": "833209748305454708" } }, "parameters": { @@ -1141,8 +1322,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16344320883906419641" + "version": "0.4.613.9944", + "templateHash": "5161805386163632044" } }, "parameters": { @@ -1245,8 +1426,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4251305185578211506" + "version": "0.4.613.9944", + "templateHash": "16117476816851398131" } }, "parameters": { @@ -1370,8 +1551,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "9581615100111735872" + "version": "0.4.613.9944", + "templateHash": "4341229051409225242" } }, "parameters": { @@ -1471,8 +1652,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "11223093195346446502" + "version": "0.4.613.9944", + "templateHash": "11905204395726802012" } }, "parameters": { @@ -1557,8 +1738,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "11223093195346446502" + "version": "0.4.613.9944", + "templateHash": "11905204395726802012" } }, "parameters": { @@ -1661,8 +1842,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "1108501968354388067" + "version": "0.4.613.9944", + "templateHash": "14377085769738688639" } }, "parameters": { @@ -1882,8 +2063,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "102664795413105394" + "version": "0.4.613.9944", + "templateHash": "15949869288234268239" } }, "parameters": { 
@@ -2030,8 +2211,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "7478919688835670168" + "version": "0.4.613.9944", + "templateHash": "833209748305454708" } }, "parameters": { @@ -2101,8 +2282,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16344320883906419641" + "version": "0.4.613.9944", + "templateHash": "5161805386163632044" } }, "parameters": { @@ -2184,8 +2365,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "9581615100111735872" + "version": "0.4.613.9944", + "templateHash": "4341229051409225242" } }, "parameters": { @@ -2305,8 +2486,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4251305185578211506" + "version": "0.4.613.9944", + "templateHash": "16117476816851398131" } }, "parameters": { @@ -2496,8 +2677,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "102664795413105394" + "version": "0.4.613.9944", + "templateHash": "15949869288234268239" } }, "parameters": { @@ -2644,8 +2825,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "7478919688835670168" + "version": "0.4.613.9944", + "templateHash": "833209748305454708" } }, "parameters": { @@ -2715,8 +2896,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16344320883906419641" + "version": "0.4.613.9944", + "templateHash": "5161805386163632044" } }, "parameters": { @@ -2798,8 +2979,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "9581615100111735872" + "version": "0.4.613.9944", + "templateHash": "4341229051409225242" } }, "parameters": { 
@@ -2919,8 +3100,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4251305185578211506" + "version": "0.4.613.9944", + "templateHash": "16117476816851398131" } }, "parameters": { @@ -3110,8 +3291,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "102664795413105394" + "version": "0.4.613.9944", + "templateHash": "15949869288234268239" } }, "parameters": { @@ -3258,8 +3439,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "7478919688835670168" + "version": "0.4.613.9944", + "templateHash": "833209748305454708" } }, "parameters": { @@ -3329,8 +3510,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16344320883906419641" + "version": "0.4.613.9944", + "templateHash": "5161805386163632044" } }, "parameters": { @@ -3412,8 +3593,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "9581615100111735872" + "version": "0.4.613.9944", + "templateHash": "4341229051409225242" } }, "parameters": { @@ -3533,8 +3714,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "4251305185578211506" + "version": "0.4.613.9944", + "templateHash": "16117476816851398131" } }, "parameters": { @@ -3703,8 +3884,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "1911650182896073393" + "version": "0.4.613.9944", + "templateHash": "9872315491162767153" } }, "parameters": { @@ -3759,8 +3940,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16145505190701732004" + "version": "0.4.613.9944", + "templateHash": "12715137779259556895" } }, "parameters": { 
@@ -3811,8 +3992,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16145505190701732004" + "version": "0.4.613.9944", + "templateHash": "12715137779259556895" } }, "parameters": { @@ -3863,8 +4044,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16145505190701732004" + "version": "0.4.613.9944", + "templateHash": "12715137779259556895" } }, "parameters": { @@ -3933,8 +4114,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "13857954278136382775" + "version": "0.4.613.9944", + "templateHash": "7742888482530749531" } }, "parameters": { @@ -3977,8 +4158,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16145505190701732004" + "version": "0.4.613.9944", + "templateHash": "12715137779259556895" } }, "parameters": { @@ -4045,8 +4226,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "13857954278136382775" + "version": "0.4.613.9944", + "templateHash": "7742888482530749531" } }, "parameters": { @@ -4089,8 +4270,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16145505190701732004" + "version": "0.4.613.9944", + "templateHash": "12715137779259556895" } }, "parameters": { @@ -4157,8 +4338,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "13857954278136382775" + "version": "0.4.613.9944", + "templateHash": "7742888482530749531" } }, "parameters": { @@ -4201,8 +4382,8 @@ "metadata": { "_generator": { "name": "bicep", - "version": "0.4.451.19169", - "templateHash": "16145505190701732004" + "version": "0.4.613.9944", + "templateHash": "12715137779259556895" } }, "parameters": { 
@@ -4237,6 +4418,1295 @@ "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('sharedServicesSubscriptionId'), parameters('sharedServicesResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-sharedServices-spoke-{0}', parameters('nowUtc')))]", "[subscriptionResourceId(parameters('sharedServicesSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-sharedServices-rg-{0}', parameters('nowUtc')))]" ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[format('assign-policy-{0}', parameters('hubResourceGroupName'))]", + "subscriptionId": "[parameters('hubSubscriptionId')]", + "resourceGroup": "[parameters('hubResourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "builtInAssignment": { + "value": "[parameters('policy')]" + }, + "logAnalyticsWorkspaceName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "value": "[reference(subscriptionResourceId(parameters('operationsSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "operationsSubscriptionId": { + "value": "[parameters('operationsSubscriptionId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "3675806177489000536" + } + }, + "parameters": { + "builtInAssignment": { + "type": "string", + "defaultValue": "" + }, + 
"logAnalyticsWorkspaceName": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "type": "string" + }, + "operationsSubscriptionId": { + "type": "string" + } + }, + "functions": [], + "variables": { + "modifiedAssignment": "[if(and(equals(toLower(environment().name), toLower('AzureCloud')), equals(toLower(parameters('builtInAssignment')), toLower('IL5'))), 'NIST', parameters('builtInAssignment'))]", + "assignmentName": "[format('{0} {1}', variables('modifiedAssignment'), resourceGroup().name)]" + }, + "resources": [ + { + "condition": "[not(empty(variables('modifiedAssignment')))]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('assignmentName')]", + "location": "[resourceGroup().location]", + "properties": { + "policyDefinitionId": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', 
'/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : \"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" 
: \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n \"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n \"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : \"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : 
\"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n \"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n 
\"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n \"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : 
\"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" 
: \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n 
\"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : \"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n 
\"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].id]", + "parameters": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : 
\"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" : \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n 
\"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n \"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n 
\"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : \"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : \"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n \"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n 
\"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n \"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" 
: { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" 
: \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : \"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', 
reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].parameters]" + }, + "identity": { + "type": "SystemAssigned" + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]", + "[subscriptionResourceId(parameters('operationsSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[format('assign-policy-{0}', parameters('operationsResourceGroupName'))]", + "subscriptionId": "[parameters('operationsSubscriptionId')]", + "resourceGroup": "[parameters('operationsResourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "builtInAssignment": { + "value": "[parameters('policy')]" + }, + "logAnalyticsWorkspaceName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "value": "[reference(subscriptionResourceId(parameters('operationsSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "operationsSubscriptionId": { + "value": "[parameters('operationsSubscriptionId')]" 
+ } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "3675806177489000536" + } + }, + "parameters": { + "builtInAssignment": { + "type": "string", + "defaultValue": "" + }, + "logAnalyticsWorkspaceName": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "type": "string" + }, + "operationsSubscriptionId": { + "type": "string" + } + }, + "functions": [], + "variables": { + "modifiedAssignment": "[if(and(equals(toLower(environment().name), toLower('AzureCloud')), equals(toLower(parameters('builtInAssignment')), toLower('IL5'))), 'NIST', parameters('builtInAssignment'))]", + "assignmentName": "[format('{0} {1}', variables('modifiedAssignment'), resourceGroup().name)]" + }, + "resources": [ + { + "condition": "[not(empty(variables('modifiedAssignment')))]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('assignmentName')]", + "location": "[resourceGroup().location]", + "properties": { + "policyDefinitionId": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n 
\"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : \"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n 
\"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" : \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n \"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n 
\"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : \"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : \"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n 
\"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n \"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n 
\"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n 
\"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n 
\"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n 
\"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : \"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].id]", + "parameters": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', 
parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : \"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n 
\"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" : \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n \"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n \"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n 
\"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : \"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : \"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n \"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n \"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n 
\"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { 
\n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n 
\"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : 
\"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" 
: \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].parameters]" + }, + "identity": { + "type": "SystemAssigned" + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]", + "[subscriptionResourceId(parameters('operationsSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[format('assign-policy-{0}', parameters('sharedServicesResourceGroupName'))]", + "subscriptionId": "[parameters('sharedServicesSubscriptionId')]", + "resourceGroup": "[parameters('sharedServicesResourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "builtInAssignment": { + "value": "[parameters('policy')]" + }, + "logAnalyticsWorkspaceName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), 
parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "value": "[reference(subscriptionResourceId(parameters('operationsSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "operationsSubscriptionId": { + "value": "[parameters('operationsSubscriptionId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "3675806177489000536" + } + }, + "parameters": { + "builtInAssignment": { + "type": "string", + "defaultValue": "" + }, + "logAnalyticsWorkspaceName": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "type": "string" + }, + "operationsSubscriptionId": { + "type": "string" + } + }, + "functions": [], + "variables": { + "modifiedAssignment": "[if(and(equals(toLower(environment().name), toLower('AzureCloud')), equals(toLower(parameters('builtInAssignment')), toLower('IL5'))), 'NIST', parameters('builtInAssignment'))]", + "assignmentName": "[format('{0} {1}', variables('modifiedAssignment'), resourceGroup().name)]" + }, + "resources": [ + { + "condition": "[not(empty(variables('modifiedAssignment')))]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": "[variables('assignmentName')]", + "location": "[resourceGroup().location]", + "properties": { + "policyDefinitionId": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n 
\"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : \"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n 
\"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" : \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n \"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n \"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : 
\"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : \"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n 
\"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n \"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n 
},\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n \"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', 
extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n 
\"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n 
\"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : 
{ \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : \"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].id]", + "parameters": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n 
\"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : \"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n 
\"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" : \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n \"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n \"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : \"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : 
\"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : \"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n 
\"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" 
: { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { 
\n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n \"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n 
\"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', 
createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : 
\"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : \"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].parameters]" + }, + "identity": { + "type": "SystemAssigned" + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]", + "[subscriptionResourceId(parameters('operationsSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[format('assign-policy-{0}', parameters('identityResourceGroupName'))]", + "subscriptionId": "[parameters('identitySubscriptionId')]", + "resourceGroup": 
"[parameters('identityResourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "builtInAssignment": { + "value": "[parameters('policy')]" + }, + "logAnalyticsWorkspaceName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "value": "[reference(subscriptionResourceId(parameters('operationsSubscriptionId'), 'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value]" + }, + "operationsSubscriptionId": { + "value": "[parameters('operationsSubscriptionId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "3675806177489000536" + } + }, + "parameters": { + "builtInAssignment": { + "type": "string", + "defaultValue": "" + }, + "logAnalyticsWorkspaceName": { + "type": "string" + }, + "logAnalyticsWorkspaceResourceGroupName": { + "type": "string" + }, + "operationsSubscriptionId": { + "type": "string" + } + }, + "functions": [], + "variables": { + "modifiedAssignment": "[if(and(equals(toLower(environment().name), toLower('AzureCloud')), equals(toLower(parameters('builtInAssignment')), toLower('IL5'))), 'NIST', parameters('builtInAssignment'))]", + "assignmentName": "[format('{0} {1}', variables('modifiedAssignment'), resourceGroup().name)]" + }, + "resources": [ + { + "condition": "[not(empty(variables('modifiedAssignment')))]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2020-09-01", + "name": 
"[variables('assignmentName')]", + "location": "[resourceGroup().location]", + "properties": { + "policyDefinitionId": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : \"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n 
\"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" : \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n \"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n \"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : 
\"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : \"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : \"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n 
\"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n \"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n \"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n 
\"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : \"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n 
},\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].id]", + "parameters": "[createObject('NIST', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f', 'parameters', 
json(replace(' {\n \"listOfMembersToExcludeFromWindowsVMAdministratorsGroup\": \n {\n \"value\": \"admin\"\n },\n \"listOfMembersToIncludeInWindowsVMAdministratorsGroup\": \n {\n \"value\": \"azureuser\"\n },\n \"logAnalyticsWorkspaceIdforVMReporting\": \n {\n \"value\": \"\"\n },\n \"IncludeArcMachines\": \n {\n \"value\": \"true\"\n },\n \"MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112\": \n {\n \"value\": \"1.2\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\": \n {\n \"value\": \"Compliant\"\n },\n \"requiredRetentionDays\": \n {\n \"value\": \"365\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\": \n {\n \"value\": \"NetworkWatcherRG\"\n }\n }', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'IL5', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197', 'parameters', json(replace('{\n \"IncludeArcMachines\" : { \n \"value\" : \"false\"\n },\n \"NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40\" : { \n \"value\" : \"Compliant\"\n },\n \"MinimumTLSVersionForWindowsServers\" : { \n \"value\" : \"1.2\"\n },\n \"requiredRetentionDays\" : { \n \"value\" : \"365\"\n },\n \"effect-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"audit\"\n },\n \"allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469\" : { \n \"value\" : \"^(.+){0}$\"\n },\n \"effect-95edb821-ddaf-4404-9732-666045e056b4\" : { \n \"value\" : \"audit\"\n },\n \"effect-440b515e-a580-421e-abeb-b159a61ddcbc\" : { \n \"value\" : \"audit\"\n },\n \"effect-233a2a17-77ca-4fb1-9b6b-69223d272a44\" : { \n \"value\" : \"audit\"\n },\n \"effect-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"audit\"\n },\n \"cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : 
{ \n \"value\" : \"0\"\n },\n \"memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164\" : { \n \"value\" : \"0\"\n },\n \"effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"audit\"\n },\n \"runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"MustRunAsNonRoot\"\n },\n \"runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042\" : { \n \"value\" : \"RunAsAny\"\n },\n \"effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99\" : { \n \"value\" : \"audit\"\n },\n \"effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8\" : { \n \"value\" : \"audit\"\n },\n \"effect-df49d893-a74c-421d-bc95-c663042e5b80\" : { \n \"value\" : \"audit\"\n },\n \"effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d\" : { \n \"value\" : \"audit\"\n },\n \"effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c\" : { \n \"value\" : \"audit\"\n },\n \"effect-511f5417-5d12-434d-ab2e-816901e72a5e\" : { \n \"value\" : \"audit\"\n },\n \"effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe\" : { \n \"value\" : \"audit\"\n },\n \"effect-098fc59e-46c7-4d99-9b16-64990e543d75\" : { \n \"value\" : \"audit\"\n },\n \"NetworkWatcherResourceGroupName\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"aadAuthenticationInServiceFabricMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-71ef260a-8f18-47b7-abcb-62d0673d94dc\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d9da03a1-f3c3-412a-9709-947156872263\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n 
\"value\" : \"Audit\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811\" : { \n \"value\" : \"audit\"\n },\n \"effect-ea0dfaed-95fb-448c-934e-d6e713ce393d\" : { \n \"value\" : \"audit\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-41425d9f-d1a5-499a-9932-f8ed8453932c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fc4d8e41-e223-45ea-9bf5-eada37891d87\" : { \n \"value\" : \"Audit\"\n },\n \"effect-86efb160-8de7-451d-bc08-5d475b0aadae\" : { \n \"value\" : \"Audit\"\n },\n \"effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-64d314f6-6062-4780-a861-c23e8951bee5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-fa298e57-9444-42ba-bf04-86e8470e32c7\" : { \n \"value\" : \"audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f\" : { \n \"value\" : \"audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47031206-ce96-41f8-861b-6a915f3de284\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-51522a96-0869-4791-82f3-981000c2c67f\" : { \n \"value\" : \"audit\"\n },\n \"effect-b5ec538c-daa0-4006-8596-35468b9148e8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2e94d99a-8a36-4563-bc77-810d8893b671\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f68a601-6e6d-4e42-babf-3f643a047ea2\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ca91455f-eace-4f96-be59-e6e2c35b4816\" : { \n \"value\" : \"Audit\"\n },\n \"effect-702dd420-7fcc-42c5-afe8-4026edd20fe0\" : { \n \"value\" : \"Audit\"\n },\n \"diagnosticsLogsInRedisCacheMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"secureTransferToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d092e0a-7acd-40d2-a975-dca21cae48c4\" : { \n \"value\" : \"Audit\"\n },\n \"effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f\" : { \n \"value\" : \"Audit\"\n },\n \"disableUnrestrictedNetworkToStorageAccountMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"effect-55615ac9-af46-4a59-874e-391cc3dfb490\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780\" : { \n \"value\" : \"Audit\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-53503636-bcc9-4748-9663-5348217f160f\" : { \n \"value\" : \"Audit\"\n },\n \"effect-40cec1dd-a100-4920-b15b-3024fe8901ab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : 
{ \n \"value\" : \"Audit\"\n },\n \"effect-a049bf77-880b-470f-ba6d-9f21c530cf83\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ee980b6d-0eca-4501-8d54-f6290fd512c3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606\" : { \n \"value\" : \"Audit\"\n },\n \"identityDesignateMoreThanOneOwnerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"diskEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlDbEncryptionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"aadAuthenticationInSqlServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssEndpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vmssOsVulnerabilitiesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"adaptiveApplicationControlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensureJavaVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityDesignateLessThanOwnersMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"securityContactEmailAddressForSubscriptionEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRestrictCORSAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithWritePermissionsMonitoringEffect\" : { \n \"value\" 
: \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"ensurePythonVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePHPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensurePythonVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect\" : { \n \"value\" : \"Audit\"\n },\n \"systemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForWebAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForWritePermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForAPIAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureJavaVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"nextGenerationFirewallMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"useRbacRulesMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"webAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlServerAuditingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vnetEnableDDoSProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"sqlServerAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"endpointProtectionMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"jitNetworkAccessMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppEnforceHttpsMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"geoRedundantStorageShouldBeEnabledForStorageAccountsEffect\" : { \n \"value\" : \"Audit\"\n },\n \"vmssSystemUpdatesMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"systemConfigurationsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"ensureHTTPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityEnableMFAForReadPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"containerBenchmarkMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"apiAppDisableRemoteDebuggingMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"vulnerabilityAssessmentOnServerMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"webAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"functionAppRequireLatestTlsMonitoringEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"kubernetesServiceVersionUpToDateMonitoringEffect\" : { \n \"value\" : \"Audit\"\n },\n \"sqlDbVulnerabilityAssesmentMonitoringEffect\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"membersToIncludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"membersToExcludeInLocalAdministratorsGroup\" : { \n \"value\" : \"\"\n },\n \"logAnalyticsWorkspaceIDForVMAgents\" : { \n \"value\" : \"\"\n },\n \"PHPLatestVersionForAppServices\" : { \n \"value\" : \"7.4\"\n },\n \"JavaLatestVersionForAppServices\" : { \n \"value\" : \"11\"\n },\n \"WindowsPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.6\"\n },\n \"LinuxPythonLatestVersionForAppServices\" : { \n \"value\" : \"3.9\"\n },\n \"ensureDotNetFrameworkLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"vulnerabilityAssessmentMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForWebAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityCenterStandardPricingTierShouldBeSelectedEffect\" : { \n \"value\" : \"Audit\"\n },\n \"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensurePHPVersionLatestForFunctionAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnManagedInstanceMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"ensureDotNetFrameworkLatestForAPIAppEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n \"threatDetectionTypesOnServerMonitoringEffect\" : { \n \"value\" : \"Disabled\"\n },\n 
\"theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}', '', extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))))), 'CMMC', createObject('id', '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de', 'parameters', json(replace('{\n \"logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917\" : { \n \"value\" : \"\"\n },\n \"effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f\" :{\n \"value\": \"\"\n },\n \"MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7\": {\n \"value\": \"\"\n },\n \"effect-0961003e-5a0a-4549-abde-af6a37f2724d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b15565f-aa9e-48ba-8619-45960f2c314d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-17k78e20-9358-41c9-923c-fb736d382a12\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"PHPLatestVersion\" : { \n \"value\" : \"7.3\"\n },\n \"effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb\" : { \n \"value\" : \"Audit\"\n },\n \"effect-26a828e1-e88f-464e-bbb3-c134a282b9de\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-34c877ad-507e-4c82-993e-3452a6e0ad3c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-404c3081-a854-4457-ae30-26a93ef643f9\" : { \n \"value\" : \"Audit\"\n },\n \"effect-47a6b606-51aa-4496-8bb7-64b11cf66adc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n 
\"effect-496223c3-ad65-4ecd-878a-bae78737e9ed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"JavaLatestVersion\" : { \n \"value\" : \"11\"\n },\n \"effect-4f11b553-d42e-4e3a-89be-32ca364cad4c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7008174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"LinuxPythonLatestVersion\" : { \n \"value\" : \"3.8\"\n },\n \"effect-7238174a-fd10-4ef0-817e-fc820a951d73\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7261b898-8a84-4db8-9e04-18527132abb3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-74c3584d-afae-46f7-a20a-6f8adba71a16\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-86b3d65f-7626-441e-b690-81a8b71cff60\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-88999f4c-376a-45c8-bcb3-4058f713cf39\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9297c21d-2ed6-4474-b48f-163f75654ce3\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-991310cd-e9f3-47bc-b7b6-f57b557d07db\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9b597639-28e4-48eb-b506-56b05d366257\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-9daedab3-fb2d-461e-b861-71790eead4f6\" : { \n \"value\" : 
\"AuditIfNotExists\"\n },\n \"effect-a4af4a39-4135-47fb-b175-47fbdf85311d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9\" : { \n \"value\" : \"enabled\"\n },\n \"effect-a70ca396-0a34-413a-88e1-b956c1e683be\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-aa633080-8b72-40c4-a2d7-d00c03e80bed\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-af6cd1bd-1635-48cb-bde7-5b15693900b9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6\" : { \n \"value\" : \"NetworkWatcherRG\"\n },\n \"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e2c1c086-2d84-4019-bff3-c44ccd95113c\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e3576e28-8b17-4677-84c3-db2990658d64\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e8cbc669-f12d-49eb-93e7-9273119e9933\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-efbde977-ba53-4479-b8e9-10b957924fbf\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c\" : { \n \"value\" : \"AuditIfNotExists\"\n 
},\n \"effect-f8456c1c-aa66-4dfb-861a-25d127b775c9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-f9d614c5-c173-4d56-95a7-b4437057d193\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-fb893a29-21bb-418c-a157-e99480ec364c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-feedbf84-6b99-488c-acc2-71c829aa5ffc\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-3b980d31-7904-4bb7-8575-5665739a8052\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-6e2593d9-add6-4083-9c9b-4b7d2188c899\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096\" : { \n \"value\" : \"Detection\"\n },\n \"effect-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Audit\"\n },\n \"modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8\" : { \n \"value\" : \"Detection\"\n },\n \"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66\" : { \n \"value\" : \"Audit\"\n },\n \"effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c\" : { \n \"value\" : \"Audit\"\n },\n \"effect-013e242c-8828-4970-87b3-ab247555486d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-d38fc420-0735-4ef3-ac11-c806f651a570\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-a1181c5f-672a-477a-979a-7d58aa086233\" : { \n \"value\" : \"Audit\"\n },\n \"effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-523b5cd1-3e23-492f-a539-13118b6d1e3a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c\" : { \n 
\"value\" : \"AuditIfNotExists\"\n },\n \"effect-037eea7a-bd0a-46c5-9a66-03aea78705d3\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca\" : { \n \"value\" : \"Audit\"\n },\n \"effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab\" : { \n \"value\" : \"Audit\"\n },\n \"effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c9d007d0-c057-4772-b18c-01e546713bcd\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d0793b48-0edc-4296-a390-4c75d1bdfd71\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e372f825-a257-4fb8-9175-797a8a8627d6\" : { \n \"value\" : \"Audit\"\n },\n \"effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af\" : { \n \"value\" : \"Audit\"\n },\n \"effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5\" : { \n \"value\" : \"Audit\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ae89ebca-1c92-4898-ac2c-9f63decb045c\" : { \n \"value\" : \"AuditIfNotExists\"\n 
},\n \"effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-7796937f-307b-4598-941c-67d3a05ebfe7\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-b02aacc0-b073-424e-8298-42b22829ee0a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0ec47710-77ff-4a3d-9181-6aa50af424d0\" : { \n \"value\" : \"Audit\"\n },\n \"effect-48af4db5-9b8b-401c-8e74-076be876a430\" : { \n \"value\" : \"Audit\"\n },\n \"effect-82339799-d096-41ae-8538-b108becf0970\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-bb91dfba-c30d-4263-9add-9c2384e659a6\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-e71308d3-144b-4262-b144-efdc3cc90517\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7\" : { \n \"value\" : \"Disabled\"\n },\n \"effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a\" : { \n \"value\" : \"Audit\"\n },\n \"effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-6fac406b-40ca-413b-bf8e-0bf964659c25\" : { \n \"value\" : \"Audit\"\n },\n \"effect-81e74cea-30fd-40d5-802f-d72103c2aaaa\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c349d81b-9985-44ae-a8da-ff98d108ede8\" : { \n \"value\" : \"Audit\"\n },\n \"effect-f4b53539-8df9-40e4-86c6-6b607703bd4e\" : { \n \"value\" : \"Audit\"\n },\n \"effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1\" : { \n \"value\" : \"Audit\"\n },\n 
\"effect-048248b0-55cd-46da-b1ff-39efd52db260\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2\" : { \n \"value\" : \"Audit\"\n },\n \"effect-3657f5a0-770e-44a3-b44e-9431ba1e9735\" : { \n \"value\" : \"Audit\"\n },\n \"effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580\" : { \n \"value\" : \"Audit\"\n },\n \"effect-617c02be-7f02-4efd-8836-3180d47b6c68\" : { \n \"value\" : \"Audit\"\n },\n \"effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67\" : { \n \"value\" : \"Audit\"\n },\n \"effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7\" : { \n \"value\" : \"audit\"\n },\n \"effect-f7d52b2d-e161-4dfa-a82b-55e564167385\" : { \n \"value\" : \"Audit\"\n },\n \"effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d\" : { \n \"value\" : \"Audit\"\n },\n \"effect-1f314764-cb73-4fc9-b863-8eca98ac36e9\" : { \n \"value\" : \"AuditIfNotExists\"\n },\n \"effect-123a3936-f020-408a-ba0c-47873faf1534\" : { \n \"value\" : \"AuditIfNotExists\"\n }\n}\n', '', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('logAnalyticsWorkspaceResourceGroupName')), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName')), '2021-06-01').customerId))))[variables('modifiedAssignment')].parameters]" + }, + "identity": { + "type": "SystemAssigned" + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]", + "[subscriptionResourceId(parameters('operationsSubscriptionId'), 
'Microsoft.Resources/deployments', format('deploy-operations-rg-{0}', parameters('nowUtc')))]" + ] + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "deploy-hub-sub-activity-logging", + "subscriptionId": "[parameters('hubSubscriptionId')]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "diagnosticSettingName": { + "value": "[format('log-hub-sub-activity-to-{0}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value)]" + }, + "logAnalyticsWorkspaceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "10501865331857601559" + } + }, + "parameters": { + "diagnosticSettingName": { + "type": "string" + }, + "logAnalyticsWorkspaceId": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[parameters('diagnosticSettingName')]", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "logs": [ + { + "category": "Administrative", + "enabled": true + }, + { + "category": "Security", + "enabled": true + }, + { + "category": "ServiceHealth", + "enabled": true 
+ }, + { + "category": "Alert", + "enabled": true + }, + { + "category": "Recommendation", + "enabled": true + }, + { + "category": "Policy", + "enabled": true + }, + { + "category": "Autoscale", + "enabled": true + }, + { + "category": "ResourceHealth", + "enabled": true + } + ] + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]" + ] + }, + { + "condition": "[not(equals(parameters('hubSubscriptionId'), parameters('operationsSubscriptionId')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "deploy-operations-sub-activity-logging", + "subscriptionId": "[parameters('operationsSubscriptionId')]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "diagnosticSettingName": { + "value": "[format('log-operations-sub-activity-to-{0}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value)]" + }, + "logAnalyticsWorkspaceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": 
"10501865331857601559" + } + }, + "parameters": { + "diagnosticSettingName": { + "type": "string" + }, + "logAnalyticsWorkspaceId": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[parameters('diagnosticSettingName')]", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "logs": [ + { + "category": "Administrative", + "enabled": true + }, + { + "category": "Security", + "enabled": true + }, + { + "category": "ServiceHealth", + "enabled": true + }, + { + "category": "Alert", + "enabled": true + }, + { + "category": "Recommendation", + "enabled": true + }, + { + "category": "Policy", + "enabled": true + }, + { + "category": "Autoscale", + "enabled": true + }, + { + "category": "ResourceHealth", + "enabled": true + } + ] + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]" + ] + }, + { + "condition": "[not(equals(parameters('hubSubscriptionId'), parameters('identitySubscriptionId')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "deploy-identity-sub-activity-logging", + "subscriptionId": "[parameters('identitySubscriptionId')]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "diagnosticSettingName": { + "value": "[format('log-identity-sub-activity-to-{0}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value)]" + }, + 
"logAnalyticsWorkspaceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "10501865331857601559" + } + }, + "parameters": { + "diagnosticSettingName": { + "type": "string" + }, + "logAnalyticsWorkspaceId": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[parameters('diagnosticSettingName')]", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "logs": [ + { + "category": "Administrative", + "enabled": true + }, + { + "category": "Security", + "enabled": true + }, + { + "category": "ServiceHealth", + "enabled": true + }, + { + "category": "Alert", + "enabled": true + }, + { + "category": "Recommendation", + "enabled": true + }, + { + "category": "Policy", + "enabled": true + }, + { + "category": "Autoscale", + "enabled": true + }, + { + "category": "ResourceHealth", + "enabled": true + } + ] + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]" + ] + }, + { + "condition": "[not(equals(parameters('hubSubscriptionId'), parameters('sharedServicesSubscriptionId')))]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "deploy-sharedServices-sub-activity-logging", + 
"subscriptionId": "[parameters('sharedServicesSubscriptionId')]", + "location": "[deployment().location]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "diagnosticSettingName": { + "value": "[format('log-sharedServices-sub-activity-to-{0}', reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.name.value)]" + }, + "logAnalyticsWorkspaceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc'))), '2019-10-01').outputs.id.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "10501865331857601559" + } + }, + "parameters": { + "diagnosticSettingName": { + "type": "string" + }, + "logAnalyticsWorkspaceId": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Insights/diagnosticSettings", + "apiVersion": "2021-05-01-preview", + "name": "[parameters('diagnosticSettingName')]", + "properties": { + "workspaceId": "[parameters('logAnalyticsWorkspaceId')]", + "logs": [ + { + "category": "Administrative", + "enabled": true + }, + { + "category": "Security", + "enabled": true + }, + { + "category": "ServiceHealth", + "enabled": true + }, + { + "category": "Alert", + "enabled": true + }, + { + "category": "Recommendation", + "enabled": true + }, + { + "category": "Policy", + "enabled": true + }, + { + "category": "Autoscale", + "enabled": 
true + }, + { + "category": "ResourceHealth", + "enabled": true + } + ] + } + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('operationsSubscriptionId'), parameters('operationsResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-laws-{0}', parameters('nowUtc')))]" + ] + }, + { + "condition": "[parameters('deployRemoteAccess')]", + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[format('deploy-remote-access-{0}', parameters('nowUtc'))]", + "subscriptionId": "[parameters('hubSubscriptionId')]", + "resourceGroup": "[parameters('hubResourceGroupName')]", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "location": { + "value": "[parameters('hubLocation')]" + }, + "hubVirtualNetworkName": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-hub-{0}', parameters('nowUtc'))), '2019-10-01').outputs.virtualNetworkName.value]" + }, + "hubSubnetResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-hub-{0}', parameters('nowUtc'))), '2019-10-01').outputs.subnetResourceId.value]" + }, + "hubNetworkSecurityGroupResourceId": { + "value": "[reference(extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-hub-{0}', parameters('nowUtc'))), '2019-10-01').outputs.networkSecurityGroupResourceId.value]" + }, + "bastionHostName": { + "value": "[parameters('bastionHostName')]" + }, + "bastionHostSubnetAddressPrefix": { + "value": 
"[parameters('bastionHostSubnetAddressPrefix')]" + }, + "bastionHostPublicIPAddressName": { + "value": "[parameters('bastionHostPublicIPAddressName')]" + }, + "bastionHostPublicIPAddressSkuName": { + "value": "[parameters('bastionHostPublicIPAddressSkuName')]" + }, + "bastionHostPublicIPAddressAllocationMethod": { + "value": "[parameters('bastionHostPublicIPAddressAllocationMethod')]" + }, + "bastionHostPublicIPAddressAvailabilityZones": { + "value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]" + }, + "bastionHostIPConfigurationName": { + "value": "[parameters('bastionHostIPConfigurationName')]" + }, + "linuxNetworkInterfaceIpConfigurationName": { + "value": "[parameters('linuxNetworkInterfaceIpConfigurationName')]" + }, + "linuxNetworkInterfacePrivateIPAddressAllocationMethod": { + "value": "[parameters('linuxNetworkInterfacePrivateIPAddressAllocationMethod')]" + }, + "linuxVmName": { + "value": "[parameters('linuxVmName')]" + }, + "linuxVmSize": { + "value": "[parameters('linuxVmSize')]" + }, + "linuxVmOsDiskCreateOption": { + "value": "[parameters('linuxVmOsDiskCreateOption')]" + }, + "linuxVmOsDiskType": { + "value": "[parameters('linuxVmOsDiskType')]" + }, + "linuxVmImagePublisher": { + "value": "[parameters('linuxVmImagePublisher')]" + }, + "linuxVmImageOffer": { + "value": "[parameters('linuxVmImageOffer')]" + }, + "linuxVmImageSku": { + "value": "[parameters('linuxVmImageSku')]" + }, + "linuxVmImageVersion": { + "value": "[parameters('linuxVmImageVersion')]" + }, + "linuxVmAdminUsername": { + "value": "[parameters('linuxVmAdminUsername')]" + }, + "linuxVmAuthenticationType": { + "value": "[parameters('linuxVmAuthenticationType')]" + }, + "linuxVmAdminPasswordOrKey": { + "value": "[parameters('linuxVmAdminPasswordOrKey')]" + }, + "linuxVmNetworkInterfaceName": { + "value": "[parameters('linuxVmNetworkInterfaceName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + 
"contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "15146003623826486692" + } + }, + "parameters": { + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "hubVirtualNetworkName": { + "type": "string" + }, + "hubSubnetResourceId": { + "type": "string" + }, + "hubNetworkSecurityGroupResourceId": { + "type": "string" + }, + "bastionHostName": { + "type": "string" + }, + "bastionHostSubnetAddressPrefix": { + "type": "string" + }, + "bastionHostPublicIPAddressName": { + "type": "string" + }, + "bastionHostPublicIPAddressSkuName": { + "type": "string" + }, + "bastionHostPublicIPAddressAllocationMethod": { + "type": "string" + }, + "bastionHostPublicIPAddressAvailabilityZones": { + "type": "array" + }, + "bastionHostIPConfigurationName": { + "type": "string" + }, + "linuxVmName": { + "type": "string" + }, + "linuxVmSize": { + "type": "string" + }, + "linuxVmOsDiskCreateOption": { + "type": "string" + }, + "linuxVmOsDiskType": { + "type": "string" + }, + "linuxVmImagePublisher": { + "type": "string" + }, + "linuxVmImageOffer": { + "type": "string" + }, + "linuxVmImageSku": { + "type": "string" + }, + "linuxVmImageVersion": { + "type": "string" + }, + "linuxVmAdminUsername": { + "type": "string" + }, + "linuxVmAuthenticationType": { + "type": "string", + "allowedValues": [ + "sshPublicKey", + "password" + ] + }, + "linuxVmAdminPasswordOrKey": { + "type": "secureString" + }, + "linuxVmNetworkInterfaceName": { + "type": "string" + }, + "linuxNetworkInterfaceIpConfigurationName": { + "type": "string" + }, + "linuxNetworkInterfacePrivateIPAddressAllocationMethod": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "remoteAccess-bastionHost", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + 
"parameters": { + "name": { + "value": "[parameters('bastionHostName')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "virtualNetworkName": { + "value": "[parameters('hubVirtualNetworkName')]" + }, + "subnetAddressPrefix": { + "value": "[parameters('bastionHostSubnetAddressPrefix')]" + }, + "publicIPAddressName": { + "value": "[parameters('bastionHostPublicIPAddressName')]" + }, + "publicIPAddressSkuName": { + "value": "[parameters('bastionHostPublicIPAddressSkuName')]" + }, + "publicIPAddressAllocationMethod": { + "value": "[parameters('bastionHostPublicIPAddressAllocationMethod')]" + }, + "publicIPAddressAvailabilityZones": { + "value": "[parameters('bastionHostPublicIPAddressAvailabilityZones')]" + }, + "ipConfigurationName": { + "value": "[parameters('bastionHostIPConfigurationName')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "10497818437168204965" + } + }, + "parameters": { + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "virtualNetworkName": { + "type": "string" + }, + "subnetAddressPrefix": { + "type": "string" + }, + "publicIPAddressName": { + "type": "string" + }, + "publicIPAddressSkuName": { + "type": "string" + }, + "publicIPAddressAllocationMethod": { + "type": "string" + }, + "publicIPAddressAvailabilityZones": { + "type": "array" + }, + "ipConfigurationName": { + "type": "string" + } + }, + "functions": [], + "variables": { + "subnetName": "AzureBastionSubnet" + }, + "resources": [ + { + "type": "Microsoft.Network/publicIPAddresses", + "apiVersion": "2021-02-01", + "name": "[parameters('publicIPAddressName')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", 
+ "sku": { + "name": "[parameters('publicIPAddressSkuName')]" + }, + "properties": { + "publicIPAllocationMethod": "[parameters('publicIPAddressAllocationMethod')]" + }, + "zones": "[parameters('publicIPAddressAvailabilityZones')]" + }, + { + "type": "Microsoft.Network/virtualNetworks/subnets", + "apiVersion": "2021-02-01", + "name": "[format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName'))]", + "properties": { + "addressPrefix": "[parameters('subnetAddressPrefix')]" + } + }, + { + "type": "Microsoft.Network/bastionHosts", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "ipConfigurations": [ + { + "name": "[parameters('ipConfigurationName')]", + "properties": { + "subnet": { + "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]" + }, + "publicIPAddress": { + "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddressName'))]" + } + } + } + ] + }, + "dependsOn": [ + "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicIPAddressName'))]", + "[resourceId('Microsoft.Network/virtualNetworks/subnets', split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[0], split(format('{0}/{1}', parameters('virtualNetworkName'), variables('subnetName')), '/')[1])]" + ] + } + ] + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "remoteAccess-linuxNetworkInterface", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('linuxVmNetworkInterfaceName')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + 
"value": "[parameters('tags')]" + }, + "ipConfigurationName": { + "value": "[parameters('linuxNetworkInterfaceIpConfigurationName')]" + }, + "networkSecurityGroupId": { + "value": "[parameters('hubNetworkSecurityGroupResourceId')]" + }, + "privateIPAddressAllocationMethod": { + "value": "[parameters('linuxNetworkInterfacePrivateIPAddressAllocationMethod')]" + }, + "subnetId": { + "value": "[parameters('hubSubnetResourceId')]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "14459425343428091407" + } + }, + "parameters": { + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "ipConfigurationName": { + "type": "string" + }, + "subnetId": { + "type": "string" + }, + "networkSecurityGroupId": { + "type": "string" + }, + "privateIPAddressAllocationMethod": { + "type": "string" + } + }, + "functions": [], + "resources": [ + { + "type": "Microsoft.Network/networkInterfaces", + "apiVersion": "2021-02-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "ipConfigurations": [ + { + "name": "[parameters('ipConfigurationName')]", + "properties": { + "subnet": { + "id": "[parameters('subnetId')]" + }, + "privateIPAllocationMethod": "[parameters('privateIPAddressAllocationMethod')]" + } + } + ], + "networkSecurityGroup": { + "id": "[parameters('networkSecurityGroupId')]" + } + } + } + ], + "outputs": { + "id": { + "type": "string", + "value": "[resourceId('Microsoft.Network/networkInterfaces', parameters('name'))]" + }, + "name": { + "type": "string", + "value": "[parameters('name')]" + } + } + } + } + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": 
"remoteAccess-linuxVirtualMachine", + "properties": { + "expressionEvaluationOptions": { + "scope": "inner" + }, + "mode": "Incremental", + "parameters": { + "name": { + "value": "[parameters('linuxVmName')]" + }, + "location": { + "value": "[parameters('location')]" + }, + "tags": { + "value": "[parameters('tags')]" + }, + "vmSize": { + "value": "[parameters('linuxVmSize')]" + }, + "osDiskCreateOption": { + "value": "[parameters('linuxVmOsDiskCreateOption')]" + }, + "osDiskType": { + "value": "[parameters('linuxVmOsDiskType')]" + }, + "vmImagePublisher": { + "value": "[parameters('linuxVmImagePublisher')]" + }, + "vmImageOffer": { + "value": "[parameters('linuxVmImageOffer')]" + }, + "vmImageSku": { + "value": "[parameters('linuxVmImageSku')]" + }, + "vmImageVersion": { + "value": "[parameters('linuxVmImageVersion')]" + }, + "adminUsername": { + "value": "[parameters('linuxVmAdminUsername')]" + }, + "authenticationType": { + "value": "[parameters('linuxVmAuthenticationType')]" + }, + "adminPasswordOrKey": { + "value": "[parameters('linuxVmAdminPasswordOrKey')]" + }, + "networkInterfaceName": { + "value": "[reference(resourceId('Microsoft.Resources/deployments', 'remoteAccess-linuxNetworkInterface'), '2019-10-01').outputs.name.value]" + } + }, + "template": { + "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "metadata": { + "_generator": { + "name": "bicep", + "version": "0.4.613.9944", + "templateHash": "16223346466626986050" + } + }, + "parameters": { + "name": { + "type": "string" + }, + "location": { + "type": "string" + }, + "tags": { + "type": "object", + "defaultValue": {} + }, + "networkInterfaceName": { + "type": "string" + }, + "vmSize": { + "type": "string" + }, + "osDiskCreateOption": { + "type": "string" + }, + "osDiskType": { + "type": "string" + }, + "vmImagePublisher": { + "type": "string" + }, + "vmImageOffer": { + "type": "string" + }, + "vmImageSku": { + "type": 
"string" + }, + "vmImageVersion": { + "type": "string" + }, + "adminUsername": { + "type": "string" + }, + "authenticationType": { + "type": "string", + "allowedValues": [ + "sshPublicKey", + "password" + ] + }, + "adminPasswordOrKey": { + "type": "secureString" + } + }, + "functions": [], + "variables": { + "linuxConfiguration": { + "disablePasswordAuthentication": true, + "ssh": { + "publicKeys": [ + { + "path": "[format('/home/{0}/.ssh/authorized_keys', parameters('adminUsername'))]", + "keyData": "[parameters('adminPasswordOrKey')]" + } + ] + } + } + }, + "resources": [ + { + "type": "Microsoft.Compute/virtualMachines", + "apiVersion": "2020-06-01", + "name": "[parameters('name')]", + "location": "[parameters('location')]", + "tags": "[parameters('tags')]", + "properties": { + "hardwareProfile": { + "vmSize": "[parameters('vmSize')]" + }, + "storageProfile": { + "osDisk": { + "createOption": "[parameters('osDiskCreateOption')]", + "managedDisk": { + "storageAccountType": "[parameters('osDiskType')]" + } + }, + "imageReference": { + "publisher": "[parameters('vmImagePublisher')]", + "offer": "[parameters('vmImageOffer')]", + "sku": "[parameters('vmImageSku')]", + "version": "[parameters('vmImageVersion')]" + } + }, + "networkProfile": { + "networkInterfaces": [ + { + "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkInterfaceName'))]" + } + ] + }, + "osProfile": { + "computerName": "[parameters('name')]", + "adminUsername": "[parameters('adminUsername')]", + "adminPassword": "[parameters('adminPasswordOrKey')]", + "linuxConfiguration": "[if(equals(parameters('authenticationType'), 'password'), null(), variables('linuxConfiguration'))]" + } + } + } + ], + "outputs": { + "adminUsername": { + "type": "string", + "value": "[parameters('adminUsername')]" + }, + "authenticationType": { + "type": "string", + "value": "[parameters('authenticationType')]" + } + } + } + }, + "dependsOn": [ + "[resourceId('Microsoft.Resources/deployments', 
'remoteAccess-linuxNetworkInterface')]" + ] + } + ] + } + }, + "dependsOn": [ + "[extensionResourceId(format('/subscriptions/{0}/resourceGroups/{1}', parameters('hubSubscriptionId'), parameters('hubResourceGroupName')), 'Microsoft.Resources/deployments', format('deploy-hub-{0}', parameters('nowUtc')))]" + ] } ], "outputs": {
diff --git a/src/bicep/examples/remoteAccess/modules/bastionHost.bicep b/src/bicep/modules/bastionHost.bicep
similarity index 100%
rename from src/bicep/examples/remoteAccess/modules/bastionHost.bicep
rename to src/bicep/modules/bastionHost.bicep
diff --git a/src/bicep/modules/centralLogging.bicep b/src/bicep/modules/centralLogging.bicep
new file mode 100644
index 000000000..c19e7d0c0
--- /dev/null
+++ b/src/bicep/modules/centralLogging.bicep
@@ -0,0 +1,48 @@
+// scope
+targetScope = 'subscription'
+
+param diagnosticSettingName string
+param logAnalyticsWorkspaceId string
+
+//// Central activity logging to LAWS
+resource centralLoggingDiagnosticSettings 'Microsoft.Insights/diagnosticSettings@2021-05-01-preview' = {
+ name: diagnosticSettingName
+ properties: {
+ workspaceId: logAnalyticsWorkspaceId
+ logs: [
+ {
+ category: 'Administrative'
+ enabled: true
+ }
+ {
+ category: 'Security'
+ enabled: true
+ }
+ {
+ category: 'ServiceHealth'
+ enabled: true
+ }
+ {
+ category: 'Alert'
+ enabled: true
+ }
+ {
+ category: 'Recommendation'
+ enabled: true
+ }
+ {
+ category: 'Policy'
+ enabled: true
+ }
+ {
+ category: 'Autoscale'
+ enabled: true
+ }
+ {
+ category: 'ResourceHealth'
+ enabled: true
+ }
+ ]
+ }
+
+}
diff --git a/src/bicep/examples/remoteAccess/modules/linuxVirtualMachine.bicep b/src/bicep/modules/linuxVirtualMachine.bicep
similarity index 68%
rename from src/bicep/examples/remoteAccess/modules/linuxVirtualMachine.bicep
rename to src/bicep/modules/linuxVirtualMachine.bicep
index f8b0d58d4..7afc4ad25 100644
--- a/src/bicep/examples/remoteAccess/modules/linuxVirtualMachine.bicep
+++ b/src/bicep/modules/linuxVirtualMachine.bicep
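Review bot: The two parameters of the new centralLogging.bicep carry no description, and the only comment (`//// Central activity logging to LAWS`) does not say what the caller has to pass. `workspaceId` takes the workspace's full resource ID rather than its name or GUID, so I would put `@description('Full resource ID of the Log Analytics workspace that receives the subscription Activity Log')` above `param logAnalyticsWorkspaceId string` and a matching one-line description on `diagnosticSettingName`. The header comment could also state that the module is subscription-scoped and enables every category listed in `logs`, since this setting is the detective control the rest of the landing zone relies on. The resource is pinned to `2021-05-01-preview`; a short comment saying why a preview API version was chosen would help the next reviewer.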
@@ -2,11 +2,11 @@ param name string param location string param tags object = {} -param vmSize string +param networkInterfaceName string +param vmSize string param osDiskCreateOption string param osDiskType string - param vmImagePublisher string param vmImageOffer string param vmImageSku string @@ -17,16 +17,10 @@ param adminUsername string 'sshPublicKey' 'password' ]) -param authenticationType string = 'password' +param authenticationType string @secure() param adminPasswordOrKey string -param networkInterfaceName string -param networkInterfaceIpConfigurationName string -param networkInterfaceSubnetId string -param networkInterfaceNetworkSecurityGroupId string -param networkInterfacePrivateIPAddressAllocationMethod string - var linuxConfiguration = { disablePasswordAuthentication: true ssh: { @@ -39,24 +33,15 @@ var linuxConfiguration = { } } -module networkInterface './networkInterface.bicep' = { - name: 'networkInterface' - - params: { - name: networkInterfaceName - location: location - tags: tags - - ipConfigurationName: networkInterfaceIpConfigurationName - subnetId: networkInterfaceSubnetId - networkSecurityGroupId: networkInterfaceNetworkSecurityGroupId - privateIPAddressAllocationMethod: networkInterfacePrivateIPAddressAllocationMethod - } +resource networkInterface 'Microsoft.Network/networkInterfaces@2021-02-01' existing = { + name: networkInterfaceName } resource virtualMachine 'Microsoft.Compute/virtualMachines@2020-06-01' = { name: name location: location + tags: tags + properties: { hardwareProfile: { vmSize: vmSize @@ -78,7 +63,7 @@ resource virtualMachine 'Microsoft.Compute/virtualMachines@2020-06-01' = { networkProfile: { networkInterfaces: [ { - id: networkInterface.outputs.id + id: networkInterface.id } ] } diff --git a/src/bicep/modules/logAnalyticsWorkspace.bicep b/src/bicep/modules/logAnalyticsWorkspace.bicep index 1e492f66a..89d00827c 100644 --- a/src/bicep/modules/logAnalyticsWorkspace.bicep 
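Review bot: In the `@@ -39,24 +33,15 @@` hunk of linuxVirtualMachine.bicep, the new `resource networkInterface ... existing` lookup assumes a NIC of that name is already present in the resource group this module deploys into, and nothing in the module says so. The compiled mlz.json on this page passes `outputs.name` of `remoteAccess-linuxNetworkInterface` as `networkInterfaceName`, so that caller is ordered correctly, but a caller passing a literal name would get no dependency on the NIC deployment. I would add a comment above the resource such as `// NIC must already exist in this resource group; pass the name from the networkInterface module output so the deployments are ordered.` The `virtualMachine` resource body continues outside these hunks, so the `osProfile` handling is not reviewed here.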
+++ b/src/bicep/modules/logAnalyticsWorkspace.bicep @@ -4,6 +4,7 @@ param tags object = {} param retentionInDays int = 30 param skuName string = 'PerGB2018' param workspaceCappingDailyQuotaGb int = -1 +param deploySentinel bool = false resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' = { name: name @@ -20,5 +21,15 @@ resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06 } } +//// sentinel +module sentinelSolution './sentinelSolution.bicep' = if (deploySentinel) { + name: 'sentinelSolution' + params: { + workspaceName: logAnalyticsWorkspace.name + workspaceLocation: location + tags: tags + } +} + output id string = logAnalyticsWorkspace.id output name string = logAnalyticsWorkspace.name diff --git a/src/bicep/examples/remoteAccess/modules/networkInterface.bicep b/src/bicep/modules/networkInterface.bicep similarity index 94% rename from src/bicep/examples/remoteAccess/modules/networkInterface.bicep rename to src/bicep/modules/networkInterface.bicep index 7254995aa..b94decb03 100644 --- a/src/bicep/examples/remoteAccess/modules/networkInterface.bicep +++ b/src/bicep/modules/networkInterface.bicep @@ -3,11 +3,8 @@ param location string param tags object = {} param ipConfigurationName string - param subnetId string - param networkSecurityGroupId string - param privateIPAddressAllocationMethod string resource networkInterface 'Microsoft.Network/networkInterfaces@2021-02-01' = { @@ -34,3 +31,4 @@ resource networkInterface 'Microsoft.Network/networkInterfaces@2021-02-01' = { } output id string = networkInterface.id +output name string = networkInterface.name diff --git a/src/bicep/modules/policies/CMMC-policyAssignmentParameters.json b/src/bicep/modules/policies/CMMC-policyAssignmentParameters.json new file mode 100644 index 000000000..1aafef0e5 --- /dev/null +++ b/src/bicep/modules/policies/CMMC-policyAssignmentParameters.json 
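Review bot: `param deploySentinel bool = false` in logAnalyticsWorkspace.bicep is added without a description, and the `//// sentinel` comment above the conditional module does not say what enabling it changes. The context line shows `retentionInDays` defaulting to 30, which stays in force when Sentinel is switched on; whether that is long enough for investigations is a deployment decision, but the parameter is the natural place to flag it. I would add something like `@description('Deploy the Sentinel solution onto this workspace; review retentionInDays (default 30) when enabling')` above the new parameter. The module's deployment name is the fixed string `'sentinelSolution'`, which is fine for a single workspace per resource group but worth a comment if this module is ever instantiated more than once in the same group.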
@@ -0,0 +1,410 @@ +{ + "logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917" : { + "value" : "" + }, + "effect-09024ccc-0c5f-475e-9457-b7c0d9ed487b" : { + "value" : "AuditIfNotExists" + }, + "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f" :{ + "value": "" + }, + "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { + "value": "" + }, + "effect-0961003e-5a0a-4549-abde-af6a37f2724d" : { + "value" : "AuditIfNotExists" + }, + "effect-0b15565f-aa9e-48ba-8619-45960f2c314d" : { + "value" : "AuditIfNotExists" + }, + "effect-0e60b895-3786-45da-8377-9c6b4b6ac5f9" : { + "value" : "AuditIfNotExists" + }, + "effect-17k78e20-9358-41c9-923c-fb736d382a12" : { + "value" : "AuditIfNotExists" + }, + "effect-1bc1795e-d44a-4d48-9b3b-6fff0fd5f9ba" : { + "value" : "AuditIfNotExists" + }, + "PHPLatestVersion" : { + "value" : "7.3" + }, + "effect-22bee202-a82f-4305-9a2a-6d7f44d4dedb" : { + "value" : "Audit" + }, + "effect-26a828e1-e88f-464e-bbb3-c134a282b9de" : { + "value" : "AuditIfNotExists" + }, + "effect-34c877ad-507e-4c82-993e-3452a6e0ad3c" : { + "value" : "Audit" + }, + "effect-3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4" : { + "value" : "AuditIfNotExists" + }, + "effect-404c3081-a854-4457-ae30-26a93ef643f9" : { + "value" : "Audit" + }, + "effect-47a6b606-51aa-4496-8bb7-64b11cf66adc" : { + "value" : "AuditIfNotExists" + }, + "effect-496223c3-ad65-4ecd-878a-bae78737e9ed" : { + "value" : "AuditIfNotExists" + }, + "JavaLatestVersion" : { + "value" : "11" + }, + "effect-4f11b553-d42e-4e3a-89be-32ca364cad4c" : { + "value" : "AuditIfNotExists" + }, + "effect-4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7" : { + "value" : "AuditIfNotExists" + }, + "effect-5c607a2e-c700-4744-8254-d77e7c9eb5e4" : { + "value" : "AuditIfNotExists" + }, + "effect-5f76cf89-fbf2-47fd-a3f4-b891fa780b60" : { + "value" : "AuditIfNotExists" + }, + "effect-6b1cbf55-e8b6-442f-ba4c-7246b6381474" : { + "value" : "AuditIfNotExists" + }, + "effect-6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab" : { + "value" : "Audit" + }, + 
"effect-7008174a-fd10-4ef0-817e-fc820a951d73" : { + "value" : "AuditIfNotExists" + }, + "LinuxPythonLatestVersion" : { + "value" : "3.8" + }, + "effect-7238174a-fd10-4ef0-817e-fc820a951d73" : { + "value" : "AuditIfNotExists" + }, + "effect-7261b898-8a84-4db8-9e04-18527132abb3" : { + "value" : "AuditIfNotExists" + }, + "effect-74c3584d-afae-46f7-a20a-6f8adba71a16" : { + "value" : "AuditIfNotExists" + }, + "effect-86b3d65f-7626-441e-b690-81a8b71cff60" : { + "value" : "AuditIfNotExists" + }, + "effect-88999f4c-376a-45c8-bcb3-4058f713cf39" : { + "value" : "AuditIfNotExists" + }, + "effect-8c122334-9d20-4eb8-89ea-ac9a705b74ae" : { + "value" : "AuditIfNotExists" + }, + "effect-8cb6aa8b-9e41-4f4e-aa25-089a7ac2581e" : { + "value" : "AuditIfNotExists" + }, + "effect-9297c21d-2ed6-4474-b48f-163f75654ce3" : { + "value" : "AuditIfNotExists" + }, + "effect-991310cd-e9f3-47bc-b7b6-f57b557d07db" : { + "value" : "AuditIfNotExists" + }, + "effect-9b597639-28e4-48eb-b506-56b05d366257" : { + "value" : "AuditIfNotExists" + }, + "effect-9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc" : { + "value" : "AuditIfNotExists" + }, + "effect-9daedab3-fb2d-461e-b861-71790eead4f6" : { + "value" : "AuditIfNotExists" + }, + "effect-a4af4a39-4135-47fb-b175-47fbdf85311d" : { + "value" : "Audit" + }, + "effect-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9" : { + "value" : "AuditIfNotExists" + }, + "setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9" : { + "value" : "enabled" + }, + "effect-a70ca396-0a34-413a-88e1-b956c1e683be" : { + "value" : "AuditIfNotExists" + }, + "effect-aa633080-8b72-40c4-a2d7-d00c03e80bed" : { + "value" : "AuditIfNotExists" + }, + "effect-abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9" : { + "value" : "AuditIfNotExists" + }, + "effect-abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9" : { + "value" : "AuditIfNotExists" + }, + "effect-af6cd1bd-1635-48cb-bde7-5b15693900b9" : { + "value" : "AuditIfNotExists" + }, + "resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6" : { + "value" : "NetworkWatcherRG" + }, + 
"effect-b7ddfbdc-1260-477d-91fd-98bd9be789a6" : { + "value" : "Audit" + }, + "effect-c3f317a7-a95c-4547-b7e7-11017ebdf2fe" : { + "value" : "AuditIfNotExists" + }, + "effect-cb510bfd-1cba-4d9f-a230-cb0976f4bb71" : { + "value" : "AuditIfNotExists" + }, + "effect-e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15" : { + "value" : "AuditIfNotExists" + }, + "effect-e2c1c086-2d84-4019-bff3-c44ccd95113c" : { + "value" : "AuditIfNotExists" + }, + "effect-e3576e28-8b17-4677-84c3-db2990658d64" : { + "value" : "AuditIfNotExists" + }, + "effect-e8cbc669-f12d-49eb-93e7-9273119e9933" : { + "value" : "AuditIfNotExists" + }, + "effect-e9c8d085-d9cc-4b17-9cdc-059f1f01f19e" : { + "value" : "AuditIfNotExists" + }, + "effect-ebb62a0c-3560-49e1-89ed-27e074e9f8ad" : { + "value" : "AuditIfNotExists" + }, + "effect-efbde977-ba53-4479-b8e9-10b957924fbf" : { + "value" : "AuditIfNotExists" + }, + "effect-f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b" : { + "value" : "AuditIfNotExists" + }, + "effect-f6de0be7-9a8a-4b8a-b349-43cf02d22f7c" : { + "value" : "AuditIfNotExists" + }, + "effect-f8456c1c-aa66-4dfb-861a-25d127b775c9" : { + "value" : "AuditIfNotExists" + }, + "effect-f9d614c5-c173-4d56-95a7-b4437057d193" : { + "value" : "AuditIfNotExists" + }, + "effect-fb893a29-21bb-418c-a157-e99480ec364c" : { + "value" : "Audit" + }, + "effect-feedbf84-6b99-488c-acc2-71c829aa5ffc" : { + "value" : "AuditIfNotExists" + }, + "effect-3b980d31-7904-4bb7-8575-5665739a8052" : { + "value" : "AuditIfNotExists" + }, + "effect-6e2593d9-add6-4083-9c9b-4b7d2188c899" : { + "value" : "AuditIfNotExists" + }, + "effect-b607c5de-e7d9-4eee-9e5c-83f1bcee4fa0" : { + "value" : "AuditIfNotExists" + }, + "effect-12430be1-6cc8-4527-a9a8-e3d38f250096" : { + "value" : "Audit" + }, + "modeRequirement-12430be1-6cc8-4527-a9a8-e3d38f250096" : { + "value" : "Detection" + }, + "effect-425bea59-a659-4cbb-8d31-34499bd030b8" : { + "value" : "Audit" + }, + "modeRequirement-425bea59-a659-4cbb-8d31-34499bd030b8" : { + "value" : "Detection" + }, + 
"effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66" : { + "value" : "Audit" + }, + "effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c" : { + "value" : "Audit" + }, + "effect-013e242c-8828-4970-87b3-ab247555486d" : { + "value" : "AuditIfNotExists" + }, + "effect-d38fc420-0735-4ef3-ac11-c806f651a570" : { + "value" : "AuditIfNotExists" + }, + "effect-a1181c5f-672a-477a-979a-7d58aa086233" : { + "value" : "Audit" + }, + "effect-308fbb08-4ab8-4e67-9b29-592e93fb94fa" : { + "value" : "AuditIfNotExists" + }, + "effect-4da35fc9-c9e7-4960-aec9-797fe7d9051d" : { + "value" : "AuditIfNotExists" + }, + "effect-523b5cd1-3e23-492f-a539-13118b6d1e3a" : { + "value" : "AuditIfNotExists" + }, + "effect-7fe3b40f-802b-4cdd-8bd4-fd799c948cc2" : { + "value" : "AuditIfNotExists" + }, + "effect-c25d9a16-bc35-4e15-a7e5-9db606bf9ed4" : { + "value" : "AuditIfNotExists" + }, + "effect-b0f33259-77d7-4c9e-aac6-3aabcfae693c" : { + "value" : "AuditIfNotExists" + }, + "effect-037eea7a-bd0a-46c5-9a66-03aea78705d3" : { + "value" : "Audit" + }, + "effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca" : { + "value" : "Audit" + }, + "effect-0820b7b9-23aa-4725-a1ce-ae4558f718e5" : { + "value" : "AuditIfNotExists" + }, + "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fab" : { + "value" : "Audit" + }, + "effect-358c20a6-3f9e-4f0e-97ff-c6ce485e2aac" : { + "value" : "AuditIfNotExists" + }, + "effect-5744710e-cc2f-4ee8-8809-3b11e89f4bc9" : { + "value" : "AuditIfNotExists" + }, + "effect-ac4a19c2-fa67-49b4-8ae5-0b2e78c49457" : { + "value" : "Audit" + }, + "effect-c9d007d0-c057-4772-b18c-01e546713bcd" : { + "value" : "Audit" + }, + "effect-d0793b48-0edc-4296-a390-4c75d1bdfd71" : { + "value" : "Audit" + }, + "effect-e372f825-a257-4fb8-9175-797a8a8627d6" : { + "value" : "Audit" + }, + "effect-d158790f-bfb0-486c-8631-2dc6b4e8e6af" : { + "value" : "Audit" + }, + "effect-e802a67a-daf5-4436-9ea6-f6d821dd0c5d" : { + "value" : "Audit" + }, + "effect-a451c1ef-c6ca-483d-87ed-f49761e3ffb5" : { + "value" : "Audit" + }, + 
"effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftSql-servers-firewallRules-delete" : { + "value" : "AuditIfNotExists" + }, + "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-delete" : { + "value" : "AuditIfNotExists" + }, + "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-delete" : { + "value" : "AuditIfNotExists" + }, + "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftNetwork-networkSecurityGroups-securityRules-delete" : { + "value" : "AuditIfNotExists" + }, + "effect-b954148f-4c11-4c38-8221-be76711e194a-MicrosoftClassicNetwork-networkSecurityGroups-securityRules-delete" : { + "value" : "AuditIfNotExists" + }, + "effect-ae89ebca-1c92-4898-ac2c-9f63decb045c" : { + "value" : "AuditIfNotExists" + }, + "effect-d26f7642-7545-4e18-9b75-8c9bbdee3a9a" : { + "value" : "AuditIfNotExists" + }, + "effect-1a4e592a-6a6e-44a5-9814-e36264ca96e7" : { + "value" : "AuditIfNotExists" + }, + "effect-7796937f-307b-4598-941c-67d3a05ebfe7" : { + "value" : "AuditIfNotExists" + }, + "effect-c5447c04-a4d7-4ba8-a263-c9ee321a6858" : { + "value" : "AuditIfNotExists" + }, + "effect-41388f1c-2db0-4c25-95b2-35d7f5ccbfa9" : { + "value" : "AuditIfNotExists" + }, + "effect-b02aacc0-b073-424e-8298-42b22829ee0a" : { + "value" : "AuditIfNotExists" + }, + "effect-057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9" : { + "value" : "AuditIfNotExists" + }, + "effect-0ec47710-77ff-4a3d-9181-6aa50af424d0" : { + "value" : "Audit" + }, + "effect-48af4db5-9b8b-401c-8e74-076be876a430" : { + "value" : "Audit" + }, + "effect-82339799-d096-41ae-8538-b108becf0970" : { + "value" : "Audit" + }, + "effect-1b7aa243-30e4-4c9e-bca8-d0d3022b634a" : { + "value" : "AuditIfNotExists" + }, + "effect-ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9" : { + "value" : "AuditIfNotExists" + }, + "effect-bb91dfba-c30d-4263-9add-9c2384e659a6" : { + "value" : "AuditIfNotExists" + }, + "effect-e71308d3-144b-4262-b144-efdc3cc90517" : { + "value" : "AuditIfNotExists" + }, + 
"effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7" : { + "value" : "Disabled" + }, + "effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a" : { + "value" : "Audit" + }, + "effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d" : { + "value" : "Audit" + }, + "effect-6fac406b-40ca-413b-bf8e-0bf964659c25" : { + "value" : "Audit" + }, + "effect-81e74cea-30fd-40d5-802f-d72103c2aaaa" : { + "value" : "Audit" + }, + "effect-c349d81b-9985-44ae-a8da-ff98d108ede8" : { + "value" : "Audit" + }, + "effect-f4b53539-8df9-40e4-86c6-6b607703bd4e" : { + "value" : "Audit" + }, + "effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1" : { + "value" : "Audit" + }, + "effect-048248b0-55cd-46da-b1ff-39efd52db260" : { + "value" : "AuditIfNotExists" + }, + "effect-0d134df8-db83-46fb-ad72-fe0c9428c8dd" : { + "value" : "AuditIfNotExists" + }, + "effect-2c89a2e5-7285-40fe-afe0-ae8654b92fb2" : { + "value" : "Audit" + }, + "effect-3657f5a0-770e-44a3-b44e-9431ba1e9735" : { + "value" : "Audit" + }, + "effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580" : { + "value" : "Audit" + }, + "effect-617c02be-7f02-4efd-8836-3180d47b6c68" : { + "value" : "Audit" + }, + "effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67" : { + "value" : "Audit" + }, + "effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7" : { + "value" : "audit" + }, + "effect-f7d52b2d-e161-4dfa-a82b-55e564167385" : { + "value" : "Audit" + }, + "effect-c43e4a30-77cb-48ab-a4dd-93f175c63b57" : { + "value" : "AuditIfNotExists" + }, + "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53" : { + "value" : "Audit" + }, + "effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d" : { + "value" : "Audit" + }, + "effect-1f314764-cb73-4fc9-b863-8eca98ac36e9" : { + "value" : "AuditIfNotExists" + }, + "effect-123a3936-f020-408a-ba0c-47873faf1534" : { + "value" : "AuditIfNotExists" + } +} diff --git a/src/bicep/modules/policies/IL5-policyAssignmentParameters.json b/src/bicep/modules/policies/IL5-policyAssignmentParameters.json new file mode 100644 index 000000000..6306f2d6c --- /dev/null 
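Review bot: `effect-2bdd0062-9d75-436e-89df-487dd8e4b3c7` is set to `Disabled` in CMMC-policyAssignmentParameters.json while every other effect in the file is `Audit` or `AuditIfNotExists`, and nothing on the page explains why that one control is switched off. JSON cannot carry a comment, so the justification belongs in the README section on Azure Policy or in the commit description. For consistency, `effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7` uses lowercase `audit` where the rest of this file uses `Audit`. The pinned `PHPLatestVersion` `7.3`, `JavaLatestVersion` `11` and `LinuxPythonLatestVersion` `3.8` will age, after which the assignment audits against an outdated baseline, so the README should name them as values to review on each update. The empty `logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917` value depends on the deploy-time substitution the README describes; it is worth confirming the policy assignment module fails rather than assigning the initiative with an empty workspace when that substitution is skipped.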
+++ b/src/bicep/modules/policies/IL5-policyAssignmentParameters.json 
@@ -0,0 +1,503 @@ +{ + "IncludeArcMachines" : { + "value" : "false" + }, + "NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40" : { + "value" : "Compliant" + }, + "MinimumTLSVersionForWindowsServers" : { + "value" : "1.2" + }, + "requiredRetentionDays" : { + "value" : "365" + }, + "effect-febd0533-8e55-448f-b837-bd0e06f16469" : { + "value" : "audit" + }, + "allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469" : { + "value" : "^(.+){0}$" + }, + "effect-95edb821-ddaf-4404-9732-666045e056b4" : { + "value" : "audit" + }, + "effect-440b515e-a580-421e-abeb-b159a61ddcbc" : { + "value" : "audit" + }, + "effect-233a2a17-77ca-4fb1-9b6b-69223d272a44" : { + "value" : "audit" + }, + "effect-e345eecc-fa47-480f-9e88-67dcc122b164" : { + "value" : "audit" + }, + "cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164" : { + "value" : "0" + }, + "memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164" : { + "value" : "0" + }, + "effect-f06ddb64-5fa3-4b77-b166-acb36f7f6042" : { + "value" : "audit" + }, + "runAsUserRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042" : { + "value" : "MustRunAsNonRoot" + }, + "runAsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042" : { + "value" : "RunAsAny" + }, + "supplementalGroupsRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042" : { + "value" : "RunAsAny" + }, + "fsGroupRule-f06ddb64-5fa3-4b77-b166-acb36f7f6042" : { + "value" : "RunAsAny" + }, + "effect-1c6e92c9-99f0-4e55-9cf2-0c234dc48f99" : { + "value" : "audit" + }, + "effect-47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8" : { + "value" : "audit" + }, + "effect-df49d893-a74c-421d-bc95-c663042e5b80" : { + "value" : "audit" + }, + "effect-1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d" : { + "value" : "audit" + }, + "effect-c26596ff-4d70-4e6a-9a30-c2506bd2f80c" : { + "value" : "audit" + }, + "effect-511f5417-5d12-434d-ab2e-816901e72a5e" : { + "value" : "audit" + }, + "effect-82985f06-dc18-4a48-bc1c-b9f4f0098cfe" : { + "value" : "audit" + }, + "effect-098fc59e-46c7-4d99-9b16-64990e543d75" : { + "value" : "audit" + }, + 
"NetworkWatcherResourceGroupName" : { + "value" : "NetworkWatcherRG" + }, + "setting-a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9" : { + "value" : "enabled" + }, + "aadAuthenticationInServiceFabricMonitoringEffect" : { + "value" : "Audit" + }, + "effect-71ef260a-8f18-47b7-abcb-62d0673d94dc" : { + "value" : "Audit" + }, + "effect-055aa869-bc98-4af8-bafc-23f1ab6ffe2c" : { + "value" : "Audit" + }, + "effect-564feb30-bf6a-4854-b4bb-0d2d2d1e6c66" : { + "value" : "Audit" + }, + "effect-862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb" : { + "value" : "Audit" + }, + "effect-d9da03a1-f3c3-412a-9709-947156872263" : { + "value" : "Audit" + }, + "effect-617c02be-7f02-4efd-8836-3180d47b6c68" : { + "value" : "Audit" + }, + "effect-0b60c0b2-2dc2-4e1c-b5c9-abbed971de53" : { + "value" : "Audit" + }, + "effect-1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d" : { + "value" : "Audit" + }, + "effect-ec068d99-e9c7-401f-8cef-5bdde4e6ccf1" : { + "value" : "Audit" + }, + "effect-c349d81b-9985-44ae-a8da-ff98d108ede8" : { + "value" : "Audit" + }, + "effect-3657f5a0-770e-44a3-b44e-9431ba1e9735" : { + "value" : "Audit" + }, + "effect-b4ac1030-89c5-4697-8e00-28b5ba6a8811" : { + "value" : "audit" + }, + "effect-ea0dfaed-95fb-448c-934e-d6e713ce393d" : { + "value" : "audit" + }, + "effect-4733ea7b-a883-42fe-8cac-97454c2a9e4a" : { + "value" : "Audit" + }, + "effect-f4b53539-8df9-40e4-86c6-6b607703bd4e" : { + "value" : "Audit" + }, + "effect-41425d9f-d1a5-499a-9932-f8ed8453932c" : { + "value" : "Audit" + }, + "effect-fc4d8e41-e223-45ea-9bf5-eada37891d87" : { + "value" : "Audit" + }, + "effect-86efb160-8de7-451d-bc08-5d475b0aadae" : { + "value" : "Audit" + }, + "effect-4ec52d6d-beb7-40c4-9a9e-fe753254690e" : { + "value" : "Audit" + }, + "effect-64d314f6-6062-4780-a861-c23e8951bee5" : { + "value" : "Audit" + }, + "effect-1fd32ebd-e4c3-4e13-a54a-d7422d4d95f6" : { + "value" : "Audit" + }, + "effect-fa298e57-9444-42ba-bf04-86e8470e32c7" : { + "value" : "audit" + }, + "effect-67121cc7-ff39-4ab8-b7e3-95b84dab487d" : { + "value" : 
"Audit" + }, + "effect-1f905d99-2ab7-462c-a6b0-f709acca6c8f" : { + "value" : "audit" + }, + "effect-5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580" : { + "value" : "Audit" + }, + "effect-ba769a63-b8cc-4b2d-abf6-ac33c7204be8" : { + "value" : "Audit" + }, + "effect-81e74cea-30fd-40d5-802f-d72103c2aaaa" : { + "value" : "Audit" + }, + "effect-0aa61e00-0a01-4a3c-9945-e93cffedf0e6" : { + "value" : "Audit" + }, + "effect-47031206-ce96-41f8-861b-6a915f3de284" : { + "value" : "Audit" + }, + "effect-87ba29ef-1ab3-4d82-b763-87fcd4f531f7" : { + "value" : "audit" + }, + "effect-51522a96-0869-4791-82f3-981000c2c67f" : { + "value" : "audit" + }, + "effect-b5ec538c-daa0-4006-8596-35468b9148e8" : { + "value" : "Audit" + }, + "effect-56a5ee18-2ae6-4810-86f7-18e39ce5629b" : { + "value" : "Audit" + }, + "effect-2e94d99a-8a36-4563-bc77-810d8893b671" : { + "value" : "Audit" + }, + "effect-1fafeaf6-7927-4059-a50a-8eb2a7a6f2b5" : { + "value" : "Audit" + }, + "effect-99e9ccd8-3db9-4592-b0d1-14b1715a4d8a" : { + "value" : "Audit" + }, + "effect-1f68a601-6e6d-4e42-babf-3f643a047ea2" : { + "value" : "audit" + }, + "effect-f7d52b2d-e161-4dfa-a82b-55e564167385" : { + "value" : "Audit" + }, + "effect-7d7be79c-23ba-4033-84dd-45e2a5ccdd67" : { + "value" : "Audit" + }, + "effect-ca91455f-eace-4f96-be59-e6e2c35b4816" : { + "value" : "Audit" + }, + "effect-702dd420-7fcc-42c5-afe8-4026edd20fe0" : { + "value" : "Audit" + }, + "diagnosticsLogsInRedisCacheMonitoringEffect" : { + "value" : "Audit" + }, + "secureTransferToStorageAccountMonitoringEffect" : { + "value" : "Audit" + }, + "effect-d0793b48-0edc-4296-a390-4c75d1bdfd71" : { + "value" : "Audit" + }, + "effect-7d092e0a-7acd-40d2-a975-dca21cae48c4" : { + "value" : "Audit" + }, + "effect-2a1a9cdf-e04d-429a-8416-3bfb72a1b26f" : { + "value" : "Audit" + }, + "disableUnrestrictedNetworkToStorageAccountMonitoringEffect" : { + "value" : "Audit" + }, + "effect-55615ac9-af46-4a59-874e-391cc3dfb490" : { + "value" : "Audit" + }, + 
"effect-1b8ca024-1d5c-4dec-8995-b1a932b41780" : { + "value" : "Audit" + }, + "effect-037eea7a-bd0a-46c5-9a66-03aea78705d3" : { + "value" : "Audit" + }, + "effect-53503636-bcc9-4748-9663-5348217f160f" : { + "value" : "Audit" + }, + "effect-40cec1dd-a100-4920-b15b-3024fe8901ab" : { + "value" : "Audit" + }, + "effect-0725b4dd-7e76-479c-a735-68e7ee23d5ca" : { + "value" : "Audit" + }, + "effect-a049bf77-880b-470f-ba6d-9f21c530cf83" : { + "value" : "Audit" + }, + "effect-ee980b6d-0eca-4501-8d54-f6290fd512c3" : { + "value" : "Audit" + }, + "effect-1d84d5fb-01f6-4d12-ba4f-4a26081d403d" : { + "value" : "Audit" + }, + "effect-37e0d2fe-28a5-43d6-a273-67d37d1f5606" : { + "value" : "Audit" + }, + "identityDesignateMoreThanOneOwnerMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "diskEncryptionMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "emailNotificationToSubscriptionOwnerHighSeverityAlertsEnabledEffect" : { + "value" : "AuditIfNotExists" + }, + "functionAppDisableRemoteDebuggingMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "sqlDbEncryptionMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "vulnerabilityAssessmentOnManagedInstanceMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "ensurePHPVersionLatestForAPIAppEffect" : { + "value" : "AuditIfNotExists" + }, + "aadAuthenticationInSqlServerMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "vmssEndpointProtectionMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "vmssOsVulnerabilitiesMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "adaptiveApplicationControlsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "geoRedundantBackupShouldBeEnabledForAzureDatabaseForPostgreSQLEffect" : { + "value" : "Audit" + }, + "ensureJavaVersionLatestForWebAppEffect" : { + "value" : "AuditIfNotExists" + }, + "identityDesignateLessThanOwnersMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "securityContactEmailAddressForSubscriptionEffect" : 
{ + "value" : "AuditIfNotExists" + }, + "webAppRestrictCORSAccessMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "identityRemoveExternalAccountWithWritePermissionsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "identityRemoveExternalAccountWithReadPermissionsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "identityRemoveDeprecatedAccountMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "functionAppEnforceHttpsMonitoringEffect" : { + "value" : "Audit" + }, + "ensurePythonVersionLatestForWebAppEffect" : { + "value" : "AuditIfNotExists" + }, + "ensurePythonVersionLatestForFunctionAppEffect" : { + "value" : "AuditIfNotExists" + }, + "ensurePHPVersionLatestForWebAppEffect" : { + "value" : "AuditIfNotExists" + }, + "ensurePythonVersionLatestForAPIAppEffect" : { + "value" : "AuditIfNotExists" + }, + "geoRedundantBackupShouldBeEnabledForAzureDatabaseForMySQLEffect" : { + "value" : "Audit" + }, + "systemUpdatesMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "ensureJavaVersionLatestForAPIAppEffect" : { + "value" : "AuditIfNotExists" + }, + "ensureHTTPVersionLatestForWebAppEffect" : { + "value" : "AuditIfNotExists" + }, + "apiAppRequireLatestTlsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "identityEnableMFAForWritePermissionsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "ensureHTTPVersionLatestForAPIAppEffect" : { + "value" : "AuditIfNotExists" + }, + "ensureJavaVersionLatestForFunctionAppEffect" : { + "value" : "AuditIfNotExists" + }, + "nextGenerationFirewallMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "useRbacRulesMonitoringEffect" : { + "value" : "Audit" + }, + "webAppEnforceHttpsMonitoringEffect" : { + "value" : "Audit" + }, + "sqlServerAuditingMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "vnetEnableDDoSProtectionMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "identityEnableMFAForOwnerPermissionsMonitoringEffect" : { + "value" : 
"AuditIfNotExists" + }, + "sqlServerAdvancedDataSecurityMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "sqlManagedInstanceAdvancedDataSecurityMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "endpointProtectionMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "jitNetworkAccessMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "apiAppEnforceHttpsMonitoringEffect" : { + "value" : "Audit" + }, + "geoRedundantStorageShouldBeEnabledForStorageAccountsEffect" : { + "value" : "Audit" + }, + "vmssSystemUpdatesMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "webAppDisableRemoteDebuggingMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "longtermGeoRedundantBackupEnabledAzureSQLDatabasesEffect" : { + "value" : "AuditIfNotExists" + }, + "systemConfigurationsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "ensureHTTPVersionLatestForFunctionAppEffect" : { + "value" : "AuditIfNotExists" + }, + "identityEnableMFAForReadPermissionsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "containerBenchmarkMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "apiAppDisableRemoteDebuggingMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "identityRemoveDeprecatedAccountWithOwnerPermissionsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "vulnerabilityAssessmentOnServerMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "webAppRequireLatestTlsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "identityRemoveExternalAccountWithOwnerPermissionsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "functionAppRequireLatestTlsMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "kubernetesServiceVersionUpToDateMonitoringEffect" : { + "value" : "Audit" + }, + "sqlDbVulnerabilityAssesmentMonitoringEffect" : { + "value" : "AuditIfNotExists" + }, + "membersToIncludeInLocalAdministratorsGroup" : { + "value" : "" + }, + 
"membersToExcludeInLocalAdministratorsGroup" : { + "value" : "" + }, + "logAnalyticsWorkspaceIDForVMAgents" : { + "value" : "" + }, + "PHPLatestVersionForAppServices" : { + "value" : "7.4" + }, + "JavaLatestVersionForAppServices" : { + "value" : "11" + }, + "WindowsPythonLatestVersionForAppServices" : { + "value" : "3.6" + }, + "LinuxPythonLatestVersionForAppServices" : { + "value" : "3.9" + }, + "ensureDotNetFrameworkLatestForFunctionAppEffect" : { + "value" : "Disabled" + }, + "sqlManagedInstanceAdvancedDataSecurityEmailsMonitoringEffect" : { + "value" : "Disabled" + }, + "vulnerabilityAssessmentMonitoringEffect" : { + "value" : "Disabled" + }, + "ensureDotNetFrameworkLatestForWebAppEffect" : { + "value" : "Disabled" + }, + "sqlServerAdvancedDataSecurityEmailsMonitoringEffect" : { + "value" : "Disabled" + }, + "microsoftIaaSAntimalwareExtensionShouldBeDeployedOnWindowsServersEffect" : { + "value" : "Disabled" + }, + "securityCenterStandardPricingTierShouldBeSelectedEffect" : { + "value" : "Audit" + }, + "theLogAnalyticsAgentShouldBeInstalledOnVirtualMachinesEffect" : { + "value" : "Disabled" + }, + "ensurePHPVersionLatestForFunctionAppEffect" : { + "value" : "Disabled" + }, + "sqlManagedInstanceAdvancedDataSecurityEmailAdminsMonitoringEffect" : { + "value" : "Disabled" + }, + "securityContactPhoneNumberShouldBeProvidedForSubscriptionEffect" : { + "value" : "Disabled" + }, + "threatDetectionTypesOnManagedInstanceMonitoringEffect" : { + "value" : "Disabled" + }, + "ensureDotNetFrameworkLatestForAPIAppEffect" : { + "value" : "Disabled" + }, + "sqlServerAdvancedDataSecurityEmailAdminsMonitoringEffect" : { + "value" : "Disabled" + }, + "threatDetectionTypesOnServerMonitoringEffect" : { + "value" : "Disabled" + }, + "theLogAnalyticsAgentShouldBeInstalledOnVirtualMachineScaleSetsEffect" : { + "value" : "AuditIfNotExists" + } +} \ No newline at end of file 
diff --git a/src/bicep/modules/policies/NIST-policyAssignmentParameters.json b/src/bicep/modules/policies/NIST-policyAssignmentParameters.json
new file mode 100644
index 000000000..cd7394726
--- /dev/null
+++ b/src/bicep/modules/policies/NIST-policyAssignmentParameters.json
@@ -0,0 +1,34 @@
+ {
+ "listOfMembersToExcludeFromWindowsVMAdministratorsGroup":
+ {
+ "value": "admin"
+ },
+ "listOfMembersToIncludeInWindowsVMAdministratorsGroup":
+ {
+ "value": "azureuser"
+ },
+ "logAnalyticsWorkspaceIdforVMReporting":
+ {
+ "value": ""
+ },
+ "IncludeArcMachines":
+ {
+ "value": "true"
+ },
+ "MinimumTLSVersion-5752e6d6-1206-46d8-8ab1-ecc2f71a8112":
+ {
+ "value": "1.2"
+ },
+ "NotAvailableMachineState-bed48b13-6647-468e-aa2f-1af1d3f4dd40":
+ {
+ "value": "Compliant"
+ },
+ "requiredRetentionDays":
+ {
+ "value": "365"
+ },
+ "resourceGroupName-b6e2945c-0b7b-40f5-9233-7a5323b5cdc6":
+ {
+ "value": "NetworkWatcherRG"
+ }
+ }
\ No newline at end of file
diff --git a/src/bicep/modules/policyAssignment.bicep b/src/bicep/modules/policyAssignment.bicep
new file mode 100644
index 000000000..73e95cde3
--- /dev/null
+++ b/src/bicep/modules/policyAssignment.bicep
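Review bot: The first two entries of the NIST parameters file hard-code account names for the Windows Administrators-group audit, `"value": "admin"` for the exclude list and `"value": "azureuser"` for the include list, and those names are specific to one environment. A deployment whose VM administrator account is named differently would presumably be reported as non-compliant against these lists, which buries real findings in noise. JSON cannot carry a comment, so the caveat belongs in the README section that describes this directory, for example `The NIST defaults assume an administrator account named azureuser; change both Administrators-group lists to match your VM admin accounts before assigning.`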
@@ -0,0 +1,40 @@
+param builtInAssignment string = ''
+param logAnalyticsWorkspaceName string
+param logAnalyticsWorkspaceResourceGroupName string
+param operationsSubscriptionId string
+
+// Creating a symbolic name for an existing resource
+resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2021-06-01' existing = {
+ name: logAnalyticsWorkspaceName
+ scope: resourceGroup(operationsSubscriptionId, logAnalyticsWorkspaceResourceGroupName)
+}
+
+var policyDefinitionID = {
+ NIST: {
+ id: '/providers/Microsoft.Authorization/policySetDefinitions/cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f'
+ parameters: json(replace(loadTextContent('policies/NIST-policyAssignmentParameters.json'),'', logAnalyticsWorkspace.id))
+ }
+ IL5: {
+ id: '/providers/Microsoft.Authorization/policySetDefinitions/f9a961fa-3241-4b20-adc4-bbf8ad9d7197'
+ parameters: json(replace(loadTextContent('policies/IL5-policyAssignmentParameters.json'),'', logAnalyticsWorkspace.id))
+ }
+ CMMC: {
+ id: '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de'
+ parameters: json(replace(loadTextContent('policies/CMMC-policyAssignmentParameters.json'),'', logAnalyticsWorkspace.properties.customerId))
+ }
+}
+
+var modifiedAssignment = ( environment().name =~ 'AzureCloud' && builtInAssignment =~ 'IL5' ? 'NIST' : builtInAssignment )
+var assignmentName = '${modifiedAssignment} ${resourceGroup().name}'
+
+resource assignment 'Microsoft.Authorization/policyAssignments@2020-09-01' = if (!empty(modifiedAssignment)){
+ name: assignmentName
+ location: resourceGroup().location
+ properties: {
+ policyDefinitionId: policyDefinitionID[modifiedAssignment].id
+ parameters: policyDefinitionID[modifiedAssignment].parameters
+ }
+ identity: {
+ type: 'SystemAssigned'
+ }
+}
diff --git a/src/bicep/modules/remoteAccess.bicep b/src/bicep/modules/remoteAccess.bicep
new file mode 100644
index 000000000..00f5c3b5a
--- /dev/null
+++ b/src/bicep/modules/remoteAccess.bicep
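Review bot: `modifiedAssignment` silently replaces a requested `IL5` with `NIST` when `environment().name` is `AzureCloud`, so an operator who passes `builtInAssignment=IL5` ends up with an assignment named `NIST <resource group>` and no indication that the requested baseline was not applied. A comment above that `var` line would make the substitution reviewable, for example `// IL5 initiative is presumably unavailable in AzureCloud; fall back to NIST`, with the reason confirmed by the author. Separately, `builtInAssignment` is a free-form string that is later used as the key in `policyDefinitionID[modifiedAssignment]`, so a misspelled value passes the `!empty()` condition and fails only at deployment time. An `@allowed` list of `''`, `'NIST'`, `'IL5'` and `'CMMC'` on the parameter, in the style used for `linuxVmAuthenticationType` in remoteAccess.bicep, would reject it up front.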
@@ -0,0 +1,97 @@ +param location string +param tags object = {} + +param hubVirtualNetworkName string +param hubSubnetResourceId string +param hubNetworkSecurityGroupResourceId string + +param bastionHostName string +param bastionHostSubnetAddressPrefix string +param bastionHostPublicIPAddressName string +param bastionHostPublicIPAddressSkuName string +param bastionHostPublicIPAddressAllocationMethod string +param bastionHostPublicIPAddressAvailabilityZones array +param bastionHostIPConfigurationName string + +param linuxVmName string +param linuxVmSize string +param linuxVmOsDiskCreateOption string +param linuxVmOsDiskType string +param linuxVmImagePublisher string +param linuxVmImageOffer string +param linuxVmImageSku string +param linuxVmImageVersion string +param linuxVmAdminUsername string + +@allowed([ + 'sshPublicKey' + 'password' +]) +param linuxVmAuthenticationType string +@secure() +param linuxVmAdminPasswordOrKey string + +param linuxVmNetworkInterfaceName string +param linuxNetworkInterfaceIpConfigurationName string +param linuxNetworkInterfacePrivateIPAddressAllocationMethod string + +resource hubVirtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' existing = { + name: hubVirtualNetworkName +} + +module bastionHost './bastionHost.bicep' = { + name: 'remoteAccess-bastionHost' + + params: { + name: bastionHostName + location: location + tags: tags + + virtualNetworkName: hubVirtualNetwork.name + subnetAddressPrefix: bastionHostSubnetAddressPrefix + publicIPAddressName: bastionHostPublicIPAddressName + publicIPAddressSkuName: bastionHostPublicIPAddressSkuName + publicIPAddressAllocationMethod: bastionHostPublicIPAddressAllocationMethod + publicIPAddressAvailabilityZones: bastionHostPublicIPAddressAvailabilityZones + ipConfigurationName: bastionHostIPConfigurationName + } +} + +module linuxNetworkInterface './networkInterface.bicep' = { + name: 'remoteAccess-linuxNetworkInterface' + params: { + name: linuxVmNetworkInterfaceName + location: 
location + tags: tags + + ipConfigurationName: linuxNetworkInterfaceIpConfigurationName + networkSecurityGroupId: hubNetworkSecurityGroupResourceId + privateIPAddressAllocationMethod: linuxNetworkInterfacePrivateIPAddressAllocationMethod + subnetId: hubSubnetResourceId + } +} + +module linuxVirtualMachine './linuxVirtualMachine.bicep' = { + name: 'remoteAccess-linuxVirtualMachine' + params: { + name: linuxVmName + location: location + tags: tags + + vmSize: linuxVmSize + + osDiskCreateOption: linuxVmOsDiskCreateOption + osDiskType: linuxVmOsDiskType + + vmImagePublisher: linuxVmImagePublisher + vmImageOffer: linuxVmImageOffer + vmImageSku: linuxVmImageSku + vmImageVersion: linuxVmImageVersion + + adminUsername: linuxVmAdminUsername + authenticationType: linuxVmAuthenticationType + adminPasswordOrKey: linuxVmAdminPasswordOrKey + + networkInterfaceName: linuxNetworkInterface.outputs.name + } +} diff --git a/src/bicep/modules/sentinelSolution.bicep b/src/bicep/modules/sentinelSolution.bicep new file mode 100644 index 000000000..b01a6afef --- /dev/null +++ b/src/bicep/modules/sentinelSolution.bicep @@ -0,0 +1,22 @@ +param workspaceName string +param workspaceLocation string +param tags object = {} + +resource workspace 'Microsoft.OperationalInsights/workspaces@2020-08-01' existing = { + name: workspaceName +} + +resource sentinelSolution 'Microsoft.OperationsManagement/solutions@2015-11-01-preview'= { + name: 'SecurityInsights(${workspace.name})' + location: workspaceLocation + tags:tags + properties: { + workspaceResourceId: workspace.id + } + plan: { + name: 'SecurityInsights(${workspace.name})' + publisher: 'Microsoft' + product: 'OMSGallery/SecurityInsights' + promotionCode: '' + } +} diff --git a/src/docs/terraform/deployment.md b/src/docs/terraform/deployment.md index d923a259b..4fcb86035 100644 --- a/src/docs/terraform/deployment.md +++ b/src/docs/terraform/deployment.md 
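Review bot: `linuxVmAdminPasswordOrKey` is declared with `@secure()` in remoteAccess.bicep and then handed to the `linuxVirtualMachine` module as `adminPasswordOrKey`, but `linuxVirtualMachine.bicep` is not shown here, so it cannot be confirmed that the receiving parameter is also marked secure. If it is not, the value would likely be recorded in the nested deployment's inputs and be readable from the deployment history. The receiving declaration should read `@secure()` on the line above `param adminPasswordOrKey string`.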
@@ -127,6 +127,36 @@ The development container definition downloads the required Terraform plugin pro See the development container [README](/.devcontainer/README.md) for more details on building and running the container. +## Terraform Backends + +The default templates write a state file directly to disk locally to where you are executing terraform from. If you wish to change the output directory you can set the path directly in the terraform backend block located in the main.tf file via the path variable in the backend configuration block. + +```terraform +terraform { + backend "local" { + path = "relative/path/to/terraform.tfstate" + } + + required_version = ">= 1.0.3" + required_providers { + azurerm = { + source = "hashicorp/azurerm" + version = "= 2.71.0" + } + random = { + source = "hashicorp/random" + version = "= 3.1.0" + } + time = { + source = "hashicorp/time" + version = "0.7.2" + } + } +} +``` + +To find more information about setting the backend see [Local Backend](https://www.terraform.io/docs/language/settings/backends/local.html), if you wish to AzureRM backend please see [AzureRM Backend](https://www.terraform.io/docs/language/settings/backends/azurerm.html) + ## Deploying to Other Clouds The `azurerm` Terraform provider provides a mechanism for changing the Azure cloud in which to deploy Terraform modules. diff --git a/src/mlz.config.sample b/src/mlz.config.sample index 39f85d24c..0c233d802 100644 --- a/src/mlz.config.sample +++ b/src/mlz.config.sample @@ -5,7 +5,6 @@ tf_environment="{TF_ENVIRONMENT}" # https://www.terraform.io/docs/language/setti mlz_env_name="{MLZ_ENV_NAME}" # Unique name for MLZ environment mlz_config_subid="{MLZ_CONFIG_SUBID}" # Subscription ID for MissionLZ configuration resources mlz_config_location="{MLZ_CONFIG_LOCATION}" # Azure Region for deploying Mission LZ configuration resources -mlz_tenantid="{MLZ_TENANTID}" mlz_tier0_subid="{MLZ_TIER0_SUBID}" mlz_tier1_subid="{MLZ_TIER1_SUBID}" mlz_tier2_subid="{MLZ_TIER2_SUBID}" 
diff --git a/src/terraform/mlz/main.tf b/src/terraform/mlz/main.tf index e6aeec329..4c7ec6998 100644 --- a/src/terraform/mlz/main.tf +++ b/src/terraform/mlz/main.tf @@ -1,7 +1,7 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. terraform { - backend "azurerm" {} + backend "local" {} required_version = "= 1.0.3" required_providers { @@ -23,10 +23,7 @@ terraform { provider "azurerm" { environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.hub_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { @@ -42,10 +39,7 @@ provider "azurerm" { alias = "hub" environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.hub_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { @@ -61,10 +55,7 @@ provider "azurerm" { alias = "tier0" environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.tier0_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { @@ -80,10 +71,7 @@ provider "azurerm" { alias = "tier1" environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.tier1_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { @@ -99,10 +87,7 @@ provider "azurerm" { alias = "tier2" environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.tier2_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { 
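Review bot: The first hunk replaces `backend "azurerm" {}` with `backend "local" {}`, which moves the state file onto the operator's disk, and nothing in the change says how that file is to be protected. Terraform state records resource attributes in plaintext and a local file has no locking or sharing, so the state is exposed if the workstation is, and a second operator cannot safely manage the same deployment. A comment on the backend line would carry the caveat, for example `# Local state is plaintext and single-user: keep terraform.tfstate out of source control, or configure a remote backend for shared use`. The same substitution is made in the first hunk of src/terraform/tier3/main.tf. The `terraform` block continues outside the hunk.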
@@ -205,8 +190,8 @@ resource "azurerm_log_analytics_workspace" "laws" { } resource "azurerm_log_analytics_solution" "laws_sentinel" { - provider = azurerm.tier1 - count = var.create_sentinel ? 1 : 0 + provider = azurerm.tier1 + count = var.create_sentinel ? 1 : 0 solution_name = "SecurityInsights" location = azurerm_resource_group.tier1.location @@ -492,7 +477,6 @@ module "jumpbox" { location = var.mlz_location keyvault_name = var.jumpbox_keyvault_name - tenant_id = var.mlz_tenantid object_id = var.mlz_objectid windows_name = var.jumpbox_windows_vm_name diff --git a/src/terraform/mlz/minimum.tfvars.sample b/src/terraform/mlz/minimum.tfvars.sample index 844ba7b05..501dee6aa 100644 --- a/src/terraform/mlz/minimum.tfvars.sample +++ b/src/terraform/mlz/minimum.tfvars.sample @@ -1,10 +1,7 @@ tf_environment = "" deploymentname = "" -mlz_tenantid = "" mlz_location = "" mlz_metadatahost = "" -mlz_clientid = "" -mlz_clientsecret = "" mlz_objectid = "" hub_subid = "" diff --git a/src/terraform/mlz/mlz.tfvars.sample b/src/terraform/mlz/mlz.tfvars.sample index a4f2d048d..5f9920f2a 100644 --- a/src/terraform/mlz/mlz.tfvars.sample +++ b/src/terraform/mlz/mlz.tfvars.sample @@ -7,11 +7,8 @@ tf_environment ="{TF_ENVIRONMENT}" deploymentname ="{DEPLOYMENTNAME}" -mlz_tenantid ="{MLZ_TENANTID}" mlz_location ="{MLZ_LOCATION}" mlz_metadatahost ="{MLZ_METADATAHOST}" -mlz_clientid ="{MLZ_CLIENTID}" -mlz_clientsecret ="{MLZ_CLIENTSECRET}" mlz_objectid ="{MLZ_OBJECTID}" ################################# diff --git a/src/terraform/mlz/variables.tf b/src/terraform/mlz/variables.tf index 17aa7e9a6..0a128bbbb 100644 --- a/src/terraform/mlz/variables.tf +++ b/src/terraform/mlz/variables.tf @@ -13,10 +13,6 @@ variable "deploymentname" { description = "A name for the deployment" } -variable "mlz_tenantid" { - description = "The Azure tenant for the deployment" -} - variable "mlz_location" { description = "The Azure region for most Mission LZ resources" } 
@@ -25,14 +21,6 @@ variable "mlz_metadatahost" { description = "The metadata host for the Azure Cloud e.g. management.azure.com" } -variable "mlz_clientid" { - description = "The account to deploy with" -} - -variable "mlz_clientsecret" { - description = "The account to deploy with" -} - variable "mlz_objectid" { description = "The account to deploy with" } diff --git a/src/terraform/tier3/main.tf b/src/terraform/tier3/main.tf index 26dbdb9e2..f85ec2fb7 100644 --- a/src/terraform/tier3/main.tf +++ b/src/terraform/tier3/main.tf @@ -1,7 +1,8 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. terraform { - backend "azurerm" {} + backend "local" {} + required_version = "= 1.0.3" required_providers { azurerm = { @@ -14,10 +15,7 @@ terraform { provider "azurerm" { environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.hub_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { @@ -33,10 +31,7 @@ provider "azurerm" { alias = "hub" environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.hub_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { @@ -52,10 +47,7 @@ provider "azurerm" { alias = "tier1" environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.tier1_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { @@ -71,10 +63,7 @@ provider "azurerm" { alias = "tier3" environment = var.tf_environment metadata_host = var.mlz_metadatahost - tenant_id = var.mlz_tenantid subscription_id = var.tier3_subid - client_id = var.mlz_clientid - client_secret = var.mlz_clientsecret features { log_analytics_workspace { 
diff --git a/src/terraform/tier3/minimum.tfvars.sample b/src/terraform/tier3/minimum.tfvars.sample index c4ab5490c..2abc2498e 100644 --- a/src/terraform/tier3/minimum.tfvars.sample +++ b/src/terraform/tier3/minimum.tfvars.sample @@ -1,10 +1,8 @@ tf_environment = "" deploymentname = "" -mlz_tenantid = "" mlz_location = "" mlz_metadatahost = "" -mlz_clientid = "" -mlz_clientsecret = "" + hub_subid = "" hub_rgname = "" diff --git a/src/terraform/tier3/tier3.tfvars.sample b/src/terraform/tier3/tier3.tfvars.sample index ba90190e7..eaf43bbf1 100644 --- a/src/terraform/tier3/tier3.tfvars.sample +++ b/src/terraform/tier3/tier3.tfvars.sample @@ -7,11 +7,8 @@ tf_environment = "{TF_ENVIRONMENT}" deploymentname = "{DEPLOYMENTNAME}" -mlz_tenantid = "{MLZ_TENANTID}" mlz_location = "{MLZ_LOCATION}" mlz_metadatahost = "{MLZ_METADATAHOST}" -mlz_clientid = "{MLZ_CLIENTID}" -mlz_clientsecret = "{MLZ_CLIENTSECRET}" mlz_objectid = "{MLZ_OBJECTID}" ################################# diff --git a/src/terraform/tier3/variables.tf b/src/terraform/tier3/variables.tf index 8a5240a74..568fe611c 100644 --- a/src/terraform/tier3/variables.tf +++ b/src/terraform/tier3/variables.tf @@ -12,10 +12,6 @@ variable "deploymentname" { description = "A name for the deployment" } -variable "mlz_tenantid" { - description = "The Azure tenant for the deployment" -} - variable "mlz_location" { description = "The Azure region for most Mission LZ resources" } @@ -24,14 +20,6 @@ variable "mlz_metadatahost" { description = "The metadata host for the Azure Cloud e.g. management.azure.com" } -variable "mlz_clientid" { - description = "The account to deploy with" -} - -variable "mlz_clientsecret" { - description = "The account to deploy with" -} - variable "mlz_objectid" { description = "The account to deploy with" }