Built-in Policy Release 402c3140 (#1332)

Co-authored-by: Azure Policy Bot <azgovpolicy@microsoft.com>
Azure · Jun 6, 2024 · 14a820c · 14a820c
1 parent 5db8926
commit 14a820c
Show file tree

Hide file tree

Showing 58 changed files with 2,441 additions and 1,244 deletions.
diff --git a/...yDefinitions/Azure Government/Kubernetes/ASC_Azure_Defender_AKS_SecurityProfile_DINE.json b/...yDefinitions/Azure Government/Kubernetes/ASC_Azure_Defender_AKS_SecurityProfile_DINE.json
@@ -5,10 +5,10 @@
     "mode": "Indexed",
     "description": "Microsoft Defender for Containers provides cloud-native Kubernetes security capabilities including environment hardening, workload protection, and run-time protection. When you enable the SecurityProfile.Defender on your Azure Kubernetes Service cluster, an agent is deployed to your cluster to collect security event data. Learn more about Microsoft Defender for Containers: https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks.",
     "metadata": {
-      "version": "4.1.0",
+      "version": "4.2.0",
       "category": "Kubernetes"
     },
-    "version": "4.1.0",
+    "version": "4.2.0",
     "parameters": {
       "effect": {
         "type": "String",
@@ -91,7 +91,8 @@
                 "variables": {
                   "locationLongNameToShortMap": {
                     "usgovvirginia": "USGV",
-                    "usgovarizona": "USGA"
+                    "usgovarizona": "USGA",
+                    "usgovtexas": "SN"
                   },
                   "alternativeLocation": {
                     "usgovtexas": "usgovarizona"
@@ -249,6 +250,7 @@
       }
     },
     "versions": [
+      "4.2.0",
       "4.1.0"
     ]
   },

diff --git a/...icyDefinitions/Azure Update Manager/AzUpdateMgmtCenter_CustomerManagedSchedules_DINE.json b/...icyDefinitions/Azure Update Manager/AzUpdateMgmtCenter_CustomerManagedSchedules_DINE.json
diff --git a/...ies/policyDefinitions/Azure Update Manager/AzUpdateMgmtCenter_ScheduledPatching_DINE.json b/...ies/policyDefinitions/Azure Update Manager/AzUpdateMgmtCenter_ScheduledPatching_DINE.json
diff --git a/built-in-policies/policyDefinitions/Cosmos DB/Cosmos_NetworkRulesExist_Audit.json b/built-in-policies/policyDefinitions/Cosmos DB/Cosmos_NetworkRulesExist_Audit.json
@@ -5,10 +5,10 @@
     "mode": "All",
     "description": "Firewall rules should be defined on your Azure Cosmos DB accounts to prevent traffic from unauthorized sources. Accounts that have at least one IP rule defined with the virtual network filter enabled are deemed compliant. Accounts disabling public access are also deemed compliant.",
     "metadata": {
-      "version": "2.0.0",
+      "version": "2.1.0",
       "category": "Cosmos DB"
     },
-    "version": "2.0.0",
+    "version": "2.1.0",
     "parameters": {
       "effect": {
         "type": "String",
@@ -82,6 +82,20 @@
                     "equals": ""
                   }
                 ]
+              },
+              {
+                "anyOf": [
+                  {
+                    "count": {
+                      "field": "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*]",
+                      "where": {
+                        "field": "Microsoft.DocumentDB/databaseAccounts/privateEndpointConnections[*].privateLinkServiceConnectionState.status",
+                        "equals": "Approved"
+                      }
+                    },
+                    "less": 1
+                  }
+                ]
               }
             ]
           }
@@ -92,6 +106,7 @@
       }
     },
     "versions": [
+      "2.1.0",
       "2.0.0"
     ]
   },