diff --git a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json
index f5a048194..b10041e29 100644
--- a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json
+++ b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group, a Data Collection Rule and Log Analytics workspace in the same region as the machine.",
- "version": "1.2.0",
+ "version": "1.3.0",
 "metadata": {
 "category": "Security Center",
- "version": "1.2.0"
+ "version": "1.3.0"
 },
 "parameters": {
 "effect": {
@@ -212,7 +212,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -235,7 +236,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -315,6 +317,7 @@
 }
 },
 "versions": [
+ "1.3.0",
 "1.2.0",
 "1.1.2",
 "1.1.1-PREVIEW"
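Review bot: `Microsoft-SqlAtpStatus-DefenderForSql` is added to two separate lists in each file: the `streams` list next to `extensionSettings` and the `streams` list that routes to `LogAnalyticsDest`. Nothing in these hunks ties the two lists together, so a later edit that touches only one would leave the stream collected without a destination, or routed but never collected. The same pair of additions repeats in the other seven `MDC_DfSQL_AMA_*` definitions in this commit (Azure Government and public cloud, Arc and VM, default and user-defined workspace), so any follow-up needs to cover all eight. The `description` still says only that the agent "collects events"; because this widens what is sent to the workspace, it would help to name the added ATP status stream there. The compliance check is outside the hunks, so please confirm that Data Collection Rules deployed by the previous version are evaluated as non-compliant and pick up the fifth stream on remediation, rather than silently staying on the four-stream list.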
diff --git a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json
index 231f1c5db..8ad714b43 100644
--- a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json
+++ b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json
@@ -4,9 +4,9 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group, a Data Collection Rule and Log Analytics workspace in the same region as the machine.",
- "version": "1.4.0",
+ "version": "1.5.0",
 "metadata": {
- "version": "1.4.0",
+ "version": "1.5.0",
 "category": "Security Center"
 },
 "parameters": {
@@ -265,7 +265,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -288,7 +289,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -356,6 +358,7 @@
 }
 },
 "versions": [
+ "1.5.0",
 "1.4.0",
 "1.3.0",
 "1.2.1",
diff --git a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json
index 80119a0c0..baab021d5 100644
--- a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json
+++ b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and a Data Collection Rule in the same region as the user-defined Log Analytics workspace.",
- "version": "1.4.0",
+ "version": "1.5.0",
 "metadata": {
 "category": "Security Center",
- "version": "1.4.0"
+ "version": "1.5.0"
 },
 "parameters": {
 "effect": {
@@ -252,7 +252,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -275,7 +276,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -342,6 +344,7 @@
 }
 },
 "versions": [
+ "1.5.0",
 "1.4.0",
 "1.3.0",
 "1.2.1",
diff --git a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json
index d10043fd3..aef9a68d1 100644
--- a/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json
+++ b/built-in-policies/policyDefinitions/Azure Government/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json
@@ -4,9 +4,9 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and a Data Collection Rule in the same region as the user-defined Log Analytics workspace.",
- "version": "1.5.0",
+ "version": "1.6.0",
 "metadata": {
- "version": "1.5.0",
+ "version": "1.6.0",
 "category": "Security Center"
 },
 "parameters": {
@@ -311,7 +311,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -334,7 +335,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -401,6 +403,7 @@
 }
 },
 "versions": [
+ "1.6.0",
 "1.5.0",
 "1.4.0",
 "1.3.0",
diff --git a/built-in-policies/policyDefinitions/DevOpsInfrastructure/Subnet_Audit.json b/built-in-policies/policyDefinitions/DevOpsInfrastructure/Subnet_Audit.json
new file mode 100644
index 000000000..b438119a0
--- /dev/null
+++ b/built-in-policies/policyDefinitions/DevOpsInfrastructure/Subnet_Audit.json
@@ -0,0 +1,51 @@
+{
+ "properties": {
+ "displayName": "[Preview]: Microsoft Managed DevOps Pools should be provided with valid subnet resource in order to configure with own virtual network.",
+ "policyType": "BuiltIn",
+ "mode": "Indexed",
+ "description": "Disallows creating Pool resources if a valid subnet resource is not provided.",
+ "metadata": {
+ "version": "1.0.0-preview",
+ "category": "DevOpsInfrastructure",
+ "preview": true
+ },
+ "version": "1.0.0-preview",
+ "parameters": {
+ "effect": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ }
+ },
+ "policyRule": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.DevOpsInfrastructure/pools"
+ },
+ {
+ "field": "Microsoft.DevOpsInfrastructure/pools/fabricProfile.Vmss.networkProfile.subnetId",
+ "exists": "true"
+ }
+ ]
+ },
+ "then": {
+ "effect": "[parameters('effect')]"
+ }
+ },
+ "versions": [
+ "1.0.0-PREVIEW"
+ ]
+ },
+ "id": "/providers/Microsoft.Authorization/policyDefinitions/0d6d79a8-8406-4e87-814d-2dcd83b2c355",
+ "name": "0d6d79a8-8406-4e87-814d-2dcd83b2c355"
+}
\ No newline at end of file
diff --git a/built-in-policies/policyDefinitions/Kubernetes/ASC_Azure_Defender_AKS_SecurityProfile_DINE.json b/built-in-policies/policyDefinitions/Kubernetes/ASC_Azure_Defender_AKS_SecurityProfile_DINE.json
index 5e6f436da..c38a7ccd5 100644
--- a/built-in-policies/policyDefinitions/Kubernetes/ASC_Azure_Defender_AKS_SecurityProfile_DINE.json
+++ b/built-in-policies/policyDefinitions/Kubernetes/ASC_Azure_Defender_AKS_SecurityProfile_DINE.json
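Review bot: In the new `Subnet_Audit.json`, the `if` block matches pools where `fabricProfile.Vmss.networkProfile.subnetId` is present (`"exists": "true"`), so `Audit` or `Deny` lands on pools that do supply a subnet, while the `description` says the policy disallows pools that lack one. If the description states the intent, the condition should read `"exists": "false"`; as written, assigning the policy with `Deny` would block the pools attached to a customer virtual network and let the others through. `exists` also tests only that the property is set, not that it names a valid subnet, so either the display name and description should drop "valid" or the rule needs a further condition on the value. Separately, `metadata.version` and `version` use `1.0.0-preview` while `versions` lists `1.0.0-PREVIEW`, the casing also used by `1.1.1-PREVIEW` in another `versions` list in this commit.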
@@ -5,10 +5,10 @@
 "mode": "Indexed",
 "description": "Microsoft Defender for Containers provides cloud-native Kubernetes security capabilities including environment hardening, workload protection, and run-time protection. When you enable the SecurityProfile.Defender on your Azure Kubernetes Service cluster, an agent is deployed to your cluster to collect security event data. Learn more about Microsoft Defender for Containers: https://docs.microsoft.com/azure/defender-for-cloud/defender-for-containers-introduction?tabs=defender-for-container-arch-aks.",
 "metadata": {
- "version": "4.1.0",
+ "version": "4.2.0",
 "category": "Kubernetes"
 },
- "version": "4.1.0",
+ "version": "4.2.0",
 "parameters": {
 "effect": {
 "type": "String",
@@ -116,6 +116,7 @@
 "jioindiawest": "JINW",
 "koreacentral": "SE",
 "koreasouth": "PS",
+ "mexicocentral": "MXC",
 "northcentralus": "NCUS",
 "northeurope": "NEU",
 "norwayeast": "NOE",
@@ -127,6 +128,7 @@
 "southcentralus": "SCUS",
 "southeastasia": "SEA",
 "southindia": "MA",
+ "spaincentral": "ESC",
 "swedencentral": "SEC",
 "switzerlandnorth": "CHN",
 "switzerlandwest": "CHW",
@@ -297,6 +299,7 @@
 }
 },
 "versions": [
+ "4.2.0",
 "4.1.0",
 "4.0.4"
 ]
diff --git a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json
index c74c02ede..0b3dd067d 100644
--- a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json
+++ b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_Arc.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group, a Data Collection Rule and Log Analytics workspace in the same region as the machine.",
- "version": "1.4.0",
+ "version": "1.5.0",
 "metadata": {
 "category": "Security Center",
- "version": "1.4.0"
+ "version": "1.5.0"
 },
 "parameters": {
 "effect": {
@@ -251,7 +251,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -274,7 +275,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -354,6 +356,7 @@
 }
 },
 "versions": [
+ "1.5.0",
 "1.4.0",
 "1.3.0",
 "1.2.2",
diff --git a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json
index 2c86c3b01..800312d6e 100644
--- a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json
+++ b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_DefaultPipeline_VM.json
@@ -4,9 +4,9 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group, a Data Collection Rule and Log Analytics workspace in the same region as the machine.",
- "version": "1.5.0",
+ "version": "1.6.0",
 "metadata": {
- "version": "1.5.0",
+ "version": "1.6.0",
 "category": "Security Center"
 },
 "parameters": {
@@ -304,7 +304,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -327,7 +328,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -395,6 +397,7 @@
 }
 },
 "versions": [
+ "1.6.0",
 "1.5.0",
 "1.4.0",
 "1.3.1",
diff --git a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json
index 086dacd59..af7dda090 100644
--- a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json
+++ b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_Arc.json
@@ -4,10 +4,10 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and a Data Collection Rule in the same region as the user-defined Log Analytics workspace.",
- "version": "1.6.0",
+ "version": "1.7.0",
 "metadata": {
 "category": "Security Center",
- "version": "1.6.0"
+ "version": "1.7.0"
 },
 "parameters": {
 "effect": {
@@ -291,7 +291,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -314,7 +315,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -381,6 +383,7 @@
 }
 },
 "versions": [
+ "1.7.0",
 "1.6.0",
 "1.5.0",
 "1.4.0",
diff --git a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json
index 6e9021019..f370d2f31 100644
--- a/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json
+++ b/built-in-policies/policyDefinitions/Security Center/MDC_DfSQL_AMA_UserWorkspacePipeline_VM.json
@@ -4,9 +4,9 @@
 "policyType": "BuiltIn",
 "mode": "Indexed",
 "description": "Microsoft Defender for SQL collects events from the agent and uses them to provide security alerts and tailored hardening tasks (recommendations). Create a resource group and a Data Collection Rule in the same region as the user-defined Log Analytics workspace.",
- "version": "1.6.0",
+ "version": "1.7.0",
 "metadata": {
- "version": "1.6.0",
+ "version": "1.7.0",
 "category": "Security Center"
 },
 "parameters": {
@@ -350,7 +350,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "extensionSettings": {
 "enableCollectionOfSqlQueriesForSecurityResearch": "[parameters('enableCollectionOfSqlQueriesForSecurityResearch')]"
@@ -373,7 +374,8 @@
 "Microsoft-DefenderForSqlLogins",
 "Microsoft-DefenderForSqlTelemetry",
 "Microsoft-DefenderForSqlScanEvents",
- "Microsoft-DefenderForSqlScanResults"
+ "Microsoft-DefenderForSqlScanResults",
+ "Microsoft-SqlAtpStatus-DefenderForSql"
 ],
 "destinations": [
 "LogAnalyticsDest"
@@ -440,6 +442,7 @@
 }
 },
 "versions": [
+ "1.7.0",
 "1.6.0",
 "1.5.0",
 "1.4.0",