Commit 991762b

Merge pull request #104142 from DCtheGeek/dmc-policy-fixlinks
Fixing links to GitHub
2 parents edcd7c0 + ef50f30 commit 991762b

32 files changed

+362
-362
lines changed

includes/azure-policy-samples-policies-app-service.md

Lines changed: 44 additions & 44 deletions
Large diffs are not rendered by default.

includes/azure-policy-samples-policies-automation.md

Lines changed: 2 additions & 2 deletions
@@ -2,10 +2,10 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[Automation account variables should be encrypted](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) |It is important to enable encryption of Automation account variable assets when storing sensitive data |Audit, Disabled |1.0.0 |
11+
|[Automation account variables should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) |It is important to enable encryption of Automation account variable assets when storing sensitive data |Audit, Disabled |1.0.0 |
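
Review bot: The missing `/` restored on line 11 (`masterbuilt-in-policies` to `master/built-in-policies`) is the same defect corrected in every hunk of this commit, so fixing rows one by one does not stop it from coming back. If these tables are generated, correct the URL template in the generator as well, and add a link check to the docs build so that a malformed `blob/master...` path fails before merge.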

includes/azure-policy-samples-policies-batch.md

Lines changed: 3 additions & 3 deletions
@@ -2,11 +2,11 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[Diagnostic logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
12-
|[Metric alert rules should be configured on Batch accounts](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Batch/Batch_AuditMetricAlerts_Audit.json) |Audit configuration of metric alert rules on Batch account to enable the required metric |AuditIfNotExists, Disabled |1.0.0 |
11+
|[Diagnostic logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
12+
|[Metric alert rules should be configured on Batch accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditMetricAlerts_Audit.json) |Audit configuration of metric alert rules on Batch account to enable the required metric |AuditIfNotExists, Disabled |1.0.0 |
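
Review bot: Style point on line 11: the description reads `investigation purposes; when a security incident occurs`, where the semicolon splits what is a single clause. Since the row is being rewritten anyway, replace the semicolon with a comma or drop it. The same sentence is carried in the diagnostic-log rows of the Data Lake and Event Hub tables, so fix it once at the source of the text.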

includes/azure-policy-samples-policies-cache.md

Lines changed: 2 additions & 2 deletions
@@ -2,10 +2,10 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[Only secure connections to your Redis Cache should be enabled](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) |Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |1.0.0 |
11+
|[Only secure connections to your Redis Cache should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) |Audit enabling of only connections via SSL to Redis Cache. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking |Audit, Deny, Disabled |1.0.0 |

includes/azure-policy-samples-policies-compute.md

Lines changed: 12 additions & 12 deletions
@@ -2,20 +2,20 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[Allowed virtual machine SKUs](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/VMSkusAllowed_Deny.json) |This policy enables you to specify a set of virtual machine SKUs that your organization can deploy. |Deny |1.0.0 |
12-
|[Audit virtual machines without disaster recovery configured](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json) |Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. |auditIfNotExists |1.0.0 |
13-
|[Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json) |This policy audits VMs that do not use managed disks |audit |1.0.0 |
14-
|[Deploy default Microsoft IaaSAntimalware extension for Windows Server](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/VMAntimalwareExtension_Deploy.json) |This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension. |deployIfNotExists |1.0.0 |
15-
|[Diagnostic logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) |It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise. |AuditIfNotExists, Disabled |1.0.0 |
16-
|[Microsoft Antimalware for Azure should be configured to automatically update protection signatures](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json) |This policy audits any Windows virtual machine not configured with automatic update of Microsoft Antimalware protection signatures. |AuditIfNotExists, Disabled |1.0.0 |
17-
|[Microsoft IaaSAntimalware extension should be deployed on Windows servers](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json) |This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed. |AuditIfNotExists, Disabled |1.0.0 |
18-
|[Only approved VM extensions should be installed](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json) |This policy governs the virtual machine extensions that are not approved. |Audit, Deny, Disabled |1.0.0 |
19-
|[Require automatic OS image patching on Virtual Machine Scale Sets](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/VMSSOSUpgradeHealthCheck_Deny.json) |This policy enforces enabling automatic OS image patching on Virtual Machine Scale Sets to always keep Virtual Machines secure by safely applying latest security patches every month. |deny |1.0.0 |
20-
|[Unattached disks should be encrypted](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json) |This policy audits any unattached disk without encryption enabled. |Audit, Disabled |1.0.0 |
21-
|[Virtual machines should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) |Use new Azure Resource Manager for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management |Audit, Deny, Disabled |1.0.0 |
11+
|[Allowed virtual machine SKUs](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMSkusAllowed_Deny.json) |This policy enables you to specify a set of virtual machine SKUs that your organization can deploy. |Deny |1.0.0 |
12+
|[Audit virtual machines without disaster recovery configured](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json) |Audit virtual machines which do not have disaster recovery configured. To learn more about disaster recovery, visit https://aka.ms/asr-doc. |auditIfNotExists |1.0.0 |
13+
|[Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json) |This policy audits VMs that do not use managed disks |audit |1.0.0 |
14+
|[Deploy default Microsoft IaaSAntimalware extension for Windows Server](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMAntimalwareExtension_Deploy.json) |This policy deploys a Microsoft IaaSAntimalware extension with a default configuration when a VM is not configured with the antimalware extension. |deployIfNotExists |1.0.0 |
15+
|[Diagnostic logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) |It is recommended to enable Logs so that activity trail can be recreated when investigations are required in the event of an incident or a compromise. |AuditIfNotExists, Disabled |1.0.0 |
16+
|[Microsoft Antimalware for Azure should be configured to automatically update protection signatures](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json) |This policy audits any Windows virtual machine not configured with automatic update of Microsoft Antimalware protection signatures. |AuditIfNotExists, Disabled |1.0.0 |
17+
|[Microsoft IaaSAntimalware extension should be deployed on Windows servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json) |This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed. |AuditIfNotExists, Disabled |1.0.0 |
18+
|[Only approved VM extensions should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json) |This policy governs the virtual machine extensions that are not approved. |Audit, Deny, Disabled |1.0.0 |
19+
|[Require automatic OS image patching on Virtual Machine Scale Sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMSSOSUpgradeHealthCheck_Deny.json) |This policy enforces enabling automatic OS image patching on Virtual Machine Scale Sets to always keep Virtual Machines secure by safely applying latest security patches every month. |deny |1.0.0 |
20+
|[Unattached disks should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json) |This policy audits any unattached disk without encryption enabled. |Audit, Disabled |1.0.0 |
21+
|[Virtual machines should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) |Use new Azure Resource Manager for your virtual machines to provide security enhancements such as: stronger access control (RBAC), better auditing, ARM-based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management |Audit, Deny, Disabled |1.0.0 |
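
Review bot: The Effect(s) column on lines 11 to 21 mixes casing for the same effects: `Deny` on line 11 and `deny` on line 19, `auditIfNotExists` on line 12 against `AuditIfNotExists, Disabled` on lines 15 to 17, plus `audit` and `deployIfNotExists` in lower camel case. Normalise these to one form while the rows are being touched, so that readers searching or filtering the table by effect name get every match.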

includes/azure-policy-samples-policies-cosmos-db.md

Lines changed: 2 additions & 2 deletions
@@ -2,10 +2,10 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[Deploy Advanced Threat Protection for Cosmos DB Accounts](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Cosmos%20DB/CosmosDbAdvancedThreatProtection_Deploy.json) |This policy enables Advanced Threat Protection across Cosmos DB accounts. |DeployIfNotExists, Disabled |1.0.0 |
11+
|[Deploy Advanced Threat Protection for Cosmos DB Accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/CosmosDbAdvancedThreatProtection_Deploy.json) |This policy enables Advanced Threat Protection across Cosmos DB accounts. |DeployIfNotExists, Disabled |1.0.0 |

includes/azure-policy-samples-policies-custom-provider.md

Lines changed: 2 additions & 2 deletions
@@ -2,10 +2,10 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[Deploy associations for a custom provider](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Custom%20Provider/AssociationForCustomProvider_Deploy.json) |Deploys an association resource that associates selected resource types to the specified custom provider. This policy deployment does not support nested resource types. |deployIfNotExists |1.0.0 |
11+
|[Deploy associations for a custom provider](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Custom%20Provider/AssociationForCustomProvider_Deploy.json) |Deploys an association resource that associates selected resource types to the specified custom provider. This policy deployment does not support nested resource types. |deployIfNotExists |1.0.0 |

includes/azure-policy-samples-policies-data-lake.md

Lines changed: 4 additions & 4 deletions
@@ -2,12 +2,12 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[Diagnostic logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
12-
|[Diagnostic logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
13-
|[Require encryption on Data Lake Store accounts](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json) |This policy ensures encryption is enabled on all Data Lake Store accounts |deny |1.0.0 |
11+
|[Diagnostic logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
12+
|[Diagnostic logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
13+
|[Require encryption on Data Lake Store accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json) |This policy ensures encryption is enabled on all Data Lake Store accounts |deny |1.0.0 |

includes/azure-policy-samples-policies-event-hub.md

Lines changed: 4 additions & 4 deletions
@@ -2,12 +2,12 @@
22
author: DCtheGeek
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 02/10/2020
5+
ms.date: 02/12/2020
66
ms.author: dacoulte
77
---
88

99
|Name |Description |Effect(s) |Version |
1010
|---|---|---|---|
11-
|[All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditNamespaceAccessRules_Audit.json) |Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you should create access policies at the entity level for queues and topics to provide access to only the specific entity |Audit, Deny, Disabled |1.0.1 |
12-
|[Authorization rules on the Event Hub instance should be defined](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditEventHubAccessRules_Audit.json) |Audit existence of authorization rules on Event Hub entities to grant least-privileged access |AuditIfNotExists, Disabled |1.0.0 |
13-
|[Diagnostic logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/masterbuilt-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
11+
|[All authorization rules except RootManageSharedAccessKey should be removed from Event Hub namespace](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditNamespaceAccessRules_Audit.json) |Event Hub clients should not use a namespace level access policy that provides access to all queues and topics in a namespace. To align with the least privilege security model, you should create access policies at the entity level for queues and topics to provide access to only the specific entity |Audit, Deny, Disabled |1.0.1 |
12+
|[Authorization rules on the Event Hub instance should be defined](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditEventHubAccessRules_Audit.json) |Audit existence of authorization rules on Event Hub entities to grant least-privileged access |AuditIfNotExists, Disabled |1.0.0 |
13+
|[Diagnostic logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) |Audit enabling of diagnostic logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |AuditIfNotExists, Disabled |2.0.0 |
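
Review bot: The description on line 11 talks about `access to all queues and topics in a namespace` and entity-level policies `for queues and topics`, which are Service Bus entity types, not Event Hub ones. In a row about Event Hub namespace authorization rules this makes the least-privilege guidance hard to act on. Reword it in terms of event hubs within the namespace, and if the text is copied from the policy definition, raise the fix there too.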
