Commit 57cd9d6

committed
policy-samples-20240607-3
1 parent 6e0ea99 commit 57cd9d6

75 files changed: +82 -81 lines changed

includes/policy/reference/byrp/microsoft.desktopvirtualization.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated
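
Review bot: The `ms.date` bump on line 4 has no content change behind it, so in a file marked `ms.custom: generated` the date records the generator run rather than a change to the policy table. If readers use `ms.date` to judge when the listed policies last changed, consider bumping it only in files whose table content differs, as in microsoft.documentdb.md; the same applies to the other date-only hunks in this commit.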

includes/policy/reference/byrp/microsoft.devcenter.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated

includes/policy/reference/byrp/microsoft.devices.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated

includes/policy/reference/byrp/microsoft.deviceupdate.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated

includes/policy/reference/byrp/microsoft.digitaltwins.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated

includes/policy/reference/byrp/microsoft.documentdb.md

Lines changed: 2 additions & 2 deletions
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated
@@ -10,7 +10,7 @@ ms.custom: generated
1010
|Name<br /><sub>(Azure portal)</sub> |Description |Effect(s) |Version<br /><sub>(GitHub)</sub> |
1111
|---|---|---|---|
1212
|[\[Preview\]: Cosmos Database Accounts should be Zone Redundant](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F44c5a1f9-7ef6-4c38-880c-273e8f7a3c24) |Cosmos Database Accounts can be configured to be Zone Redundant or not. If the 'enableMultipleWriteLocations' is set to 'true' then all locations must have a 'isZoneRedundant' property and it must be set to 'true'. If the 'enableMultipleWriteLocations' is set to 'false' then the primary location ('failoverPriority' set to 0) must have a 'isZoneRedundant' property and it must be set to 'true'. Enforcing this policy ensures Cosmos Database Accounts are appropriately configured for zone redundancy. |Audit, Deny, Disabled |[1.0.0-preview](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Resilience/DocumentDB_databaseAccounts_ZoneRedundant_Audit.json) |
13-
|[Azure Cosmos DB accounts should have firewall rules](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb) |Firewall rules should be defined on your Azure Cosmos DB accounts to prevent traffic from unauthorized sources. Accounts that have at least one IP rule defined with the virtual network filter enabled are deemed compliant. Accounts disabling public access are also deemed compliant. |Audit, Deny, Disabled |[2.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesExist_Audit.json) |
13+
|[Azure Cosmos DB accounts should have firewall rules](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb) |Firewall rules should be defined on your Azure Cosmos DB accounts to prevent traffic from unauthorized sources. Accounts that have at least one IP rule defined with the virtual network filter enabled are deemed compliant. Accounts disabling public access are also deemed compliant. |Audit, Deny, Disabled |[2.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesExist_Audit.json) |
1414
|[Azure Cosmos DB accounts should not allow traffic from all Azure data centers](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F12339a85-a25c-4f17-9f82-4766f13f5c4c) |Disallow the IP Firewall rule, '0.0.0.0', which allows for all traffic from any Azure data centers. Learn more at [https://aka.ms/cosmosdb-firewall](https://aka.ms/cosmosdb-firewall) |Audit, Deny, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesNoAzureDatacenterAccess_Audit.json) |
1515
|[Azure Cosmos DB accounts should not exceed the maximum number of days allowed since last account key regeneration.](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F9d83ccb1-f313-46ce-9d39-a198bfdb51a0) |Regenerate your keys in the specified time to keep your data more protected. |Audit, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_KeysMetadata_Audit.json) |
1616
|[Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1f905d99-2ab7-462c-a6b0-f709acca6c8f) |Use customer-managed keys to manage the encryption at rest of your Azure Cosmos DB. By default, the data is encrypted at rest with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at [https://aka.ms/cosmosdb-cmk](https://aka.ms/cosmosdb-cmk). |audit, Audit, deny, Deny, disabled, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_CMK_Deny.json) |
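
Review bot: The version cell on line 13 goes from 2.0.0 to 2.1.0 while the description in the same row is unchanged, and the commit message does not say what changed in the definition. Readers use this row's text to decide which Cosmos DB accounts count as compliant (at least one IP rule with the virtual network filter enabled, or public access disabled), so please confirm it still matches the 2.1.0 logic or update it. The version link also targets the `master` branch, so the label shown here and the linked `Cosmos_NetworkRulesExist_Audit.json` can drift apart; a link pinned to the commit that introduced 2.1.0 would keep them in step.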

includes/policy/reference/byrp/microsoft.edgeorder.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated

includes/policy/reference/byrp/microsoft.elasticsan.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated

includes/policy/reference/byrp/microsoft.eventgrid.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated

includes/policy/reference/byrp/microsoft.eventhub.md

Lines changed: 1 addition & 1 deletion
@@ -1,7 +1,7 @@
11
---
22
ms.service: azure-policy
33
ms.topic: include
4-
ms.date: 05/30/2024
4+
ms.date: 06/07/2024
55
ms.author: davidsmatlak
66
author: davidsmatlak
77
ms.custom: generated
