Skip to content

Commit cddae20

Browse files
v-dirichardsv-dirichards
authored
Merge pull request #270547 from davidsmatlak/ds-policy-samples-20240328-3
[AUTOGEN] Policy: Samples for 2024-03-28 (PR 3 of 3)
2 parents 5d04746 + 672e114 commit cddae20

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

45 files changed

+210
-210
lines changed

includes/policy/reference/byrp/microsoft.healthcareapis.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

includes/policy/reference/byrp/microsoft.hybridcompute.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

includes/policy/reference/byrp/microsoft.insights.md

Lines changed: 109 additions & 109 deletions
Large diffs are not rendered by default.

includes/policy/reference/byrp/microsoft.iotcentral.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

includes/policy/reference/byrp/microsoft.keyvault.data.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

includes/policy/reference/byrp/microsoft.keyvault.md

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---
@@ -34,12 +34,12 @@ ms.custom: generated
3434
|[Deploy - Configure diagnostic settings to an Event Hub to be enabled on Azure Key Vault Managed HSM](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fa6d2c800-5230-4a40-bff3-8268b4987d42) |Deploys the diagnostic settings for Azure Key Vault Managed HSM to stream to a regional Event Hub when any Azure Key Vault Managed HSM which is missing this diagnostic settings is created or updated. |DeployIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_DiagnosticLog_DINE.json) |
3535
|[Deploy Diagnostic Settings for Key Vault to Event Hub](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fed7c8c13-51e7-49d1-8a43-8490431a0da2) |Deploys the diagnostic settings for Key Vault to stream to a regional Event Hub when any Key Vault which is missing this diagnostic settings is created or updated. |DeployIfNotExists, Disabled |[3.0.1](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/DiagnosticLog_DINE.json) |
3636
|[Deploy Diagnostic Settings for Key Vault to Log Analytics workspace](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fbef3f64c-5290-43b7-85b0-9b254eef4c47) |Deploys the diagnostic settings for Key Vault to stream to a regional Log Analytics workspace when any Key Vault which is missing this diagnostic settings is created or updated. |DeployIfNotExists, Disabled |[3.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/KeyVault_DeployDiagnosticLog_Deploy_LogAnalytics.json) |
37-
|[Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Event Hub](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F71153be3-4742-4aae-9aec-150f7589311b) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Key vaults (microsoft.keyvault/vaults). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagSettings_eventHub_keyvault-vaults_DINE.json) |
38-
|[Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Log Analytics](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6b359d8f-f88d-4052-aa7c-32015963ecc1) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Key vaults (microsoft.keyvault/vaults). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagSettings_logAnalytics_keyvault-vaults_DINE.json) |
39-
|[Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Storage](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fedf35972-ed56-4c2f-a4a1-65f0471ba702) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Key vaults (microsoft.keyvault/vaults). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/AzureMonitor_DiagSettings_storage_keyvault-vaults_DINE.json) |
40-
|[Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Event Hub](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1abe42e1-a726-4dee-94c2-79f364dac9b7) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Managed HSMs (microsoft.keyvault/managedhsms). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagSettings_eventHub_keyvault-managedhsms_DINE.json) |
41-
|[Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Log Analytics](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb88bfd90-4da5-43eb-936f-ae1481924291) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Managed HSMs (microsoft.keyvault/managedhsms). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagSettings_logAnalytics_keyvault-managedhsms_DINE.json) |
42-
|[Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Storage](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5a6186f9-04a4-4320-b6ed-a1c3f2ebbc3b) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Managed HSMs (microsoft.keyvault/managedhsms). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagSettings_storage_keyvault-managedhsms_DINE.json) |
37+
|[Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Event Hub](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F71153be3-4742-4aae-9aec-150f7589311b) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Key vaults (microsoft.keyvault/vaults). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DS_EH_keyvault-vaults_DINE.json) |
38+
|[Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Log Analytics](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F6b359d8f-f88d-4052-aa7c-32015963ecc1) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Key vaults (microsoft.keyvault/vaults). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DS_LA_keyvault-vaults_DINE.json) |
39+
|[Enable logging by category group for Key vaults (microsoft.keyvault/vaults) to Storage](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fedf35972-ed56-4c2f-a4a1-65f0471ba702) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Key vaults (microsoft.keyvault/vaults). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DS_ST_keyvault-vaults_DINE.json) |
40+
|[Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Event Hub](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F1abe42e1-a726-4dee-94c2-79f364dac9b7) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to an Event Hub for Managed HSMs (microsoft.keyvault/managedhsms). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.1.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DS_EH_keyvault-managedhsms_DINE.json) |
41+
|[Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Log Analytics](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fb88bfd90-4da5-43eb-936f-ae1481924291) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Log Analytics workspace for Managed HSMs (microsoft.keyvault/managedhsms). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DS_LA_keyvault-managedhsms_DINE.json) |
42+
|[Enable logging by category group for Managed HSMs (microsoft.keyvault/managedhsms) to Storage](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F5a6186f9-04a4-4320-b6ed-a1c3f2ebbc3b) |Resource logs should be enabled to track activities and events that take place on your resources and give you visibility and insights into any changes that occur. This policy deploys a diagnostic setting using a category group to route logs to a Storage Account for Managed HSMs (microsoft.keyvault/managedhsms). |DeployIfNotExists, AuditIfNotExists, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DS_ST_keyvault-managedhsms_DINE.json) |
4343
|[Key Vault keys should have an expiration date](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0) |Cryptographic keys should have a defined expiration date and not be permanent. Keys that are valid forever provide a potential attacker with more time to compromise the key. It is a recommended security practice to set expiration dates on cryptographic keys. |Audit, Deny, Disabled |[1.0.2](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_ExpirationSet.json) |
4444
|[Key Vault secrets should have an expiration date](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2F98728c90-32c7-4049-8429-847dc0f4fe37) |Secrets should have a defined expiration date and not be permanent. Secrets that are valid forever provide a potential attacker with more time to compromise them. It is a recommended security practice to set expiration dates on secrets. |Audit, Deny, Disabled |[1.0.2](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Secrets_ExpirationSet.json) |
4545
|[Key Vault should use a virtual network service endpoint](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2Fproviders%2FMicrosoft.Authorization%2FpolicyDefinitions%2Fea4d6841-2173-4317-9747-ff522a45120f) |This policy audits any Key Vault not configured to use a virtual network service endpoint. |Audit, Disabled |[1.0.0](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_KeyVault_Audit.json) |

includes/policy/reference/byrp/microsoft.kubernetes.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

includes/policy/reference/byrp/microsoft.kubernetesconfiguration.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

includes/policy/reference/byrp/microsoft.kusto.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

includes/policy/reference/byrp/microsoft.labservices.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,7 @@
22
author: davidsmatlak
33
ms.service: azure-policy
44
ms.topic: include
5-
ms.date: 03/18/2024
5+
ms.date: 03/28/2024
66
ms.author: davidsmatlak
77
ms.custom: generated
88
---

0 commit comments

Comments
 (0)