Skip to content

Built-in Policy Release 74b1e6d3 #1535

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
hanheuljo merged 1 commit into from
Jan 21, 2026
Merged

Built-in Policy Release 74b1e6d3 #1535

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 8 additions & 6 deletions built-in-policies/policyDefinitions/App Service/HostingEnvironment_LatestVersions_Audit.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,19 @@
{
"properties": {
"displayName": "App Service Environment should be provisioned with latest versions",
"displayName": "[Deprecated]: App Service Environment should be provisioned with latest versions",
"policyType": "BuiltIn",
"mode": "Indexed",
"description": "Only allow App Service Environment version 2 or version 3 to be provisioned. Older versions of App Service Environment require manual management of Azure resources and have greater scaling limitations.",
"description": "Only allow App Service Environment version 2 or version 3 to be provisioned. This policy is deprecated because App Service Environment v1 and v2 are retired and no longer supported. Learn more about policy definition deprecation at aka.ms/policydefdeprecation.",
"metadata": {
"version": "1.0.0",
"category": "App Service"
"version": "1.1.0-deprecated",
"category": "App Service",
"deprecated": true
},
"version": "1.0.0",
"version": "1.1.0",
"parameters": {
"effect": {
"type": "string",
"defaultValue": "Audit",
"defaultValue": "Disabled",
"allowedValues": [
"Audit",
"Deny",
Expand Down Expand Up @@ -42,6 +43,7 @@
}
},
"versions": [
"1.1.0",
"1.0.0"
]
},
Expand Down
56 changes: 56 additions & 0 deletions ...olicies/policyDefinitions/Durable Task/DurableTaskSchedulerOpenIpAllowlist_AuditDeny.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{
"properties": {
"displayName": "Durable Task schedulers should not allow open IP allowlists",
"description": "Deny Durable Task schedulers that include 0.0.0.0/0 in their IP allowlist to prevent exposure to the public internet. Remove the open entry so that only trusted networks can reach the scheduler.",
"policyType": "BuiltIn",
"mode": "Indexed",
"metadata": {
"version": "1.0.0",
"category": "Durable Task"
},
"version": "1.0.0",
"parameters": {
"effect": {
"type": "String",
"defaultValue": "Audit",
"allowedValues": [
"Audit",
"Deny",
"Disabled"
],
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
}
}
},
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.DurableTask/schedulers"
},
{
"count": {
"field": "Microsoft.DurableTask/schedulers/ipAllowlist[*]",
"where": {
"field": "Microsoft.DurableTask/schedulers/ipAllowlist[*]",
"equals": "0.0.0.0/0"
}
},
"greater": 0
}
]
},
"then": {
"effect": "[parameters('effect')]"
}
},
"versions": [
"1.0.0"
]
},
"id": "/providers/Microsoft.Authorization/policyDefinitions/d82527a7-91cd-409f-b96e-049600b16b9e",
"name": "d82527a7-91cd-409f-b96e-049600b16b9e"
}
14 changes: 12 additions & 2 deletions ...in-policies/policyDefinitions/Monitoring/AzureMonitor_AddSystemIdentity_Prerequisite.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,10 +6,10 @@
"description": "Configure system-assigned managed identity to virtual machines hosted in Azure that are supported by Azure Monitor and do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Azure Monitor assignments and must be added to machines before using any Azure Monitor extension. Target virtual machines must be in a supported location.",
"metadata": {
"category": "Monitoring",
"version": "6.1.0-preview",
"version": "6.2.0-preview",
"preview": true
},
"version": "6.1.0-preview",
"version": "6.2.0-preview",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -67,25 +67,34 @@
"centralindia",
"centralus",
"centraluseuap",
"chilecentral",
"eastasia",
"eastus",
"eastus2",
"eastus2euap",
"francecentral",
"germanywestcentral",
"indonesiacentral",
"israelcentral",
"italynorth",
"japaneast",
"japanwest",
"jioindiawest",
"koreacentral",
"koreasouth",
"malaysiawest",
"mexicocentral",
"newzealandnorth",
"northcentralus",
"northeurope",
"norwayeast",
"polandcentral",
"qatarcentral",
"southafricanorth",
"southcentralus",
"southeastasia",
"southindia",
"spaincentral",
"swedencentral",
"switzerlandnorth",
"uaenorth",
Expand Down Expand Up @@ -716,6 +725,7 @@
}
},
"versions": [
"6.2.0-PREVIEW",
"6.1.0-PREVIEW",
"6.0.0-PREVIEW"
]
Expand Down
9 changes: 7 additions & 2 deletions built-in-policies/policyDefinitions/Monitoring/AzureMonitor_Agent_Linux_VMSS_Audit.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Linux virtual machine scale sets should be monitored and secured through the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy will audit virtual machine scale sets with supported OS images in supported regions. Learn more: https://aka.ms/AMAOverview.",
"metadata": {
"version": "3.5.0",
"version": "3.6.0",
"category": "Monitoring"
},
"version": "3.5.0",
"version": "3.6.0",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -64,6 +64,7 @@
"centralindia",
"centralus",
"centraluseuap",
"chilecentral",
"eastasia",
"eastus",
"eastus2",
Expand All @@ -72,6 +73,7 @@
"francesouth",
"germanynorth",
"germanywestcentral",
"indonesiacentral",
"israelcentral",
"italynorth",
"japaneast",
Expand All @@ -81,7 +83,9 @@
"koreacentral",
"koreasouth",
"malaysiasouth",
"malaysiawest",
"mexicocentral",
"newzealandnorth",
"northcentralus",
"northeurope",
"norwayeast",
Expand Down Expand Up @@ -563,6 +567,7 @@
}
},
"versions": [
"3.6.0",
"3.5.0",
"3.4.0",
"3.3.0",
Expand Down
9 changes: 7 additions & 2 deletions built-in-policies/policyDefinitions/Monitoring/AzureMonitor_Agent_Linux_VMSS_DINE.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview.",
"metadata": {
"version": "3.9.0",
"version": "3.10.0",
"category": "Monitoring"
},
"version": "3.9.0",
"version": "3.10.0",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -68,6 +68,7 @@
"centralindia",
"centralus",
"centraluseuap",
"chilecentral",
"eastasia",
"eastus",
"eastus2",
Expand All @@ -76,6 +77,7 @@
"francesouth",
"germanynorth",
"germanywestcentral",
"indonesiacentral",
"israelcentral",
"italynorth",
"japaneast",
Expand All @@ -85,7 +87,9 @@
"koreacentral",
"koreasouth",
"malaysiasouth",
"malaysiawest",
"mexicocentral",
"newzealandnorth",
"northcentralus",
"northeurope",
"norwayeast",
Expand Down Expand Up @@ -616,6 +620,7 @@
}
},
"versions": [
"3.10.0",
"3.9.0",
"3.8.0",
"3.7.0",
Expand Down
9 changes: 7 additions & 2 deletions built-in-policies/policyDefinitions/Monitoring/AzureMonitor_Agent_Linux_VMSS_UAI_DINE.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Automate the deployment of Azure Monitor Agent extension on your Linux virtual machine scale sets for collecting telemetry data from the guest OS. This policy will install the extension and configure it to use the specified user-assigned managed identity if the OS and region are supported, and skip install otherwise. Learn more: https://aka.ms/AMAOverview.",
"metadata": {
"version": "3.10.0",
"version": "3.11.0",
"category": "Monitoring"
},
"version": "3.10.0",
"version": "3.11.0",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -111,6 +111,7 @@
"centralindia",
"centralus",
"centraluseuap",
"chilecentral",
"eastasia",
"eastus",
"eastus2",
Expand All @@ -119,6 +120,7 @@
"francesouth",
"germanynorth",
"germanywestcentral",
"indonesiacentral",
"israelcentral",
"italynorth",
"japaneast",
Expand All @@ -128,7 +130,9 @@
"koreacentral",
"koreasouth",
"malaysiasouth",
"malaysiawest",
"mexicocentral",
"newzealandnorth",
"northcentralus",
"northeurope",
"norwayeast",
Expand Down Expand Up @@ -684,6 +688,7 @@
}
},
"versions": [
"3.11.0",
"3.10.0",
"3.9.0",
"3.8.0",
Expand Down
9 changes: 7 additions & 2 deletions built-in-policies/policyDefinitions/Monitoring/AzureMonitor_Agent_Linux_VM_Audit.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Linux virtual machines should be monitored and secured through the deployed Azure Monitor Agent. The Azure Monitor Agent collects telemetry data from the guest OS. This policy will audit virtual machines with supported OS images in supported regions. Learn more: https://aka.ms/AMAOverview.",
"metadata": {
"version": "3.5.0",
"version": "3.6.0",
"category": "Monitoring"
},
"version": "3.5.0",
"version": "3.6.0",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -64,6 +64,7 @@
"centralindia",
"centralus",
"centraluseuap",
"chilecentral",
"eastasia",
"eastus",
"eastus2",
Expand All @@ -72,6 +73,7 @@
"francesouth",
"germanynorth",
"germanywestcentral",
"indonesiacentral",
"israelcentral",
"italynorth",
"japaneast",
Expand All @@ -81,7 +83,9 @@
"koreacentral",
"koreasouth",
"malaysiasouth",
"malaysiawest",
"mexicocentral",
"newzealandnorth",
"northcentralus",
"northeurope",
"norwayeast",
Expand Down Expand Up @@ -563,6 +567,7 @@
}
},
"versions": [
"3.6.0",
"3.5.0",
"3.4.0",
"3.3.0",
Expand Down
9 changes: 7 additions & 2 deletions built-in-policies/policyDefinitions/Monitoring/AzureMonitor_Agent_Linux_VM_DINE.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,10 +5,10 @@
"mode": "Indexed",
"description": "Automate the deployment of Azure Monitor Agent extension on your Linux virtual machines for collecting telemetry data from the guest OS. This policy will install the extension if the OS and region are supported and system-assigned managed identity is enabled, and skip install otherwise. Learn more: https://aka.ms/AMAOverview.",
"metadata": {
"version": "3.9.0",
"version": "3.10.0",
"category": "Monitoring"
},
"version": "3.9.0",
"version": "3.10.0",
"parameters": {
"effect": {
"type": "String",
Expand Down Expand Up @@ -68,6 +68,7 @@
"centralindia",
"centralus",
"centraluseuap",
"chilecentral",
"eastasia",
"eastus",
"eastus2",
Expand All @@ -76,6 +77,7 @@
"francesouth",
"germanynorth",
"germanywestcentral",
"indonesiacentral",
"israelcentral",
"italynorth",
"japaneast",
Expand All @@ -85,7 +87,9 @@
"koreacentral",
"koreasouth",
"malaysiasouth",
"malaysiawest",
"mexicocentral",
"newzealandnorth",
"northcentralus",
"northeurope",
"norwayeast",
Expand Down Expand Up @@ -616,6 +620,7 @@
}
},
"versions": [
"3.10.0",
"3.9.0",
"3.8.0",
"3.7.0",
Expand Down
Loading