From 34b075e17f483990912bd19a3eda9a8f98f3814c Mon Sep 17 00:00:00 2001 
From: Zach Trocinski Date: Thu, 13 Feb 2025 12:49:02 -0600 Subject: [PATCH] Add policy/definition version --- .../alzDefaultPolicyAssignments.bicep | 43 +++++++++++++++++++ ...cy_assignment_es_audit_appgw_waf.tmpl.json | 1 + ...t_res_location_match_rg_location.tmpl.json | 1 + ...signment_es_audit_zoneresiliency.tmpl.json | 1 + ...gnment_es_deny_classic-resources.tmpl.json | 1 + ...ignment_es_deny_http_ingress_aks.tmpl.json | 1 + ...ignment_es_deny_hybridnetworking.tmpl.json | 1 + ...assignment_es_deny_ip_forwarding.tmpl.json | 1 + ...ment_es_deny_priv_containers_aks.tmpl.json | 1 + ...ment_es_deny_priv_escalation_aks.tmpl.json | 1 + ...icy_assignment_es_deny_public_ip.tmpl.json | 1 + ...ignment_es_deny_public_ip_on_nic.tmpl.json | 1 + ..._assignment_es_deny_storage_http.tmpl.json | 1 + ...assignment_es_deny_unmanageddisk.tmpl.json | 1 + ...ignment_es_deploy_asc_monitoring.tmpl.json | 1 + ...ignment_es_deploy_azactivity_log.tmpl.json | 1 + ...ment_es_deploy_azsql_db_auditing.tmpl.json | 1 + ...signment_es_deploy_log_analytics.tmpl.json | 1 + ...nment_es_deploy_md_endpoints_ama.tmpl.json | 1 + ...ssignment_es_deploy_mdeendpoints.tmpl.json | 1 + ..._assignment_es_deploy_mdfc_ossdb.tmpl.json | 1 + ...ssignment_es_deploy_mdfc_sql-ama.tmpl.json | 1 + ...assignment_es_deploy_mdfc_sqlatp.tmpl.json | 1 + ...signment_es_deploy_resource_diag.tmpl.json | 2 + ...icy_assignment_es_deploy_sql_tde.tmpl.json | 1 + ..._assignment_es_deploy_sql_threat.tmpl.json | 1 + ...ent_es_deploy_vm_arc_changetrack.tmpl.json | 1 + ...ignment_es_deploy_vm_arc_monitor.tmpl.json | 1 + ...y_assignment_es_deploy_vm_backup.tmpl.json | 1 + ...ignment_es_deploy_vm_changetrack.tmpl.json | 1 + ..._assignment_es_deploy_vm_monitor.tmpl.json | 1 + ...nment_es_deploy_vmss_changetrack.tmpl.json | 1 + ...ssignment_es_deploy_vmss_monitor.tmpl.json | 1 + ...y_assignment_es_enable_ddos_vnet.tmpl.json | 1 + ...gnment_es_enforce_subnet_private.tmpl.json | 1 + ...cy_assignment_es_enforce_tls_ssl.tmpl.json | 2 +- 
.../policyAssignmentManagementGroup.bicep | 4 ++ 37 files changed, 83 insertions(+), 1 deletion(-) diff --git a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep index 878ac1a64..b3452c330 100644 --- a/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep @@ -745,6 +745,7 @@ module modPolicyAssignmentIntRootDeployMDEndpoints '../../../policy/assignments/ name: varModuleDeploymentNames.modPolicyAssignmentIntRootDeployMDEnpoints params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployMDEndpoints.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployMDEndpoints.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployMDEndpoints.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployMDEndpoints.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployMDEndpoints.libDefinition.properties.description @@ -764,6 +765,7 @@ module modPolicyAssignmentIntRootDeployMDEndpointsAMA '../../../policy/assignmen name: varModuleDeploymentNames.modPolicyAssignmentIntRootDeployMDEnpointsAma params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployMDEndpointsAma.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployMDEndpointsAma.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployMDEndpointsAma.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployMDEndpointsAma.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployMDEndpointsAma.libDefinition.properties.description 
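Review bot: In the `modPolicyAssignmentIntRootDeployMDEndpoints` params the definition id and its version now come from two different sources: `parPolicyAssignmentDefinitionId` reads `varPolicyAssignmentDeployMDEndpoints.definitionId`, while the new `parPolicyAssignmentDefinitionVersion` reads `libDefinition.properties.definitionVersion` from the JSON template. Nothing in the hunk ties the two together, so a later edit to the variable's `definitionId` could leave the assignment carrying a version string that was chosen for a different definition; that would presumably either fail the deployment or pin the guardrail to an unintended revision. The same pairing repeats in every other `alzDefaultPolicyAssignments.bicep` hunk of this patch. A comment where these variables are declared (outside the hunks) would make the contract explicit: `// definitionVersion in the lib template must belong to the definition referenced by definitionId`.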
@@ -783,6 +785,7 @@ module modPolicyAssignmentIntRootDeployAzActivityLog '../../../policy/assignment name: varModuleDeploymentNames.modPolicyAssignmentIntRootDeployAzActivityLog params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployAzActivityLog.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployAzActivityLog.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployAzActivityLog.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployAzActivityLog.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployAzActivityLog.libDefinition.properties.description @@ -824,6 +827,7 @@ module modPolicyAssignmentIntRootDeployResourceDiag '../../../policy/assignments name: varModuleDeploymentNames.modPolicyAssignmentIntRootDeployResourceDiag params: { parPolicyAssignmentDefinitionId: parLogAnalyticsWorkspaceResourceCategory =~ 'allLogs' ? varPolicyAssignmentDeployResourceDiag.definitionId : varPolicyAssignmentDeployResourceDiag.conditionalDefinitionId + parPolicyAssignmentDefinitionVersion: parLogAnalyticsWorkspaceResourceCategory =~ 'allLogs' ? varPolicyAssignmentDeployResourceDiag.libDefinition.properties.definitionVersion : varPolicyAssignmentDeployResourceDiag.libDefinition.properties.conditionalDefinitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployResourceDiag.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployResourceDiag.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployResourceDiag.libDefinition.properties.description 
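Review bot: The `modPolicyAssignmentIntRootDeployResourceDiag` params now evaluate `parLogAnalyticsWorkspaceResourceCategory =~ 'allLogs'` twice, once to pick the definition id and once to pick its version, so an edit to one ternary that misses the other would assign one definition with the other's version pin. Hoisting the test keeps the pair in step: `var varResourceDiagUseAllLogs = parLogAnalyticsWorkspaceResourceCategory =~ 'allLogs'`, then `varResourceDiagUseAllLogs ? … : …` on both lines. The id pair is read from the variable (`definitionId` / `conditionalDefinitionId`) while the version pair is read from `libDefinition.properties`, and `conditionalDefinitionVersion` is a key that none of the templates visible in this patch carry, so a one-line comment saying which template supplies it would help the next reader. The module body continues outside the hunk.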
@@ -868,6 +872,7 @@ module modPolicyAssignmentIntRootDeployMdfcOssDb '../../../policy/assignments/po name: varModuleDeploymentNames.modPolicyAssignmentIntRootDeployMdfcOssDb params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployMDFCOssDb.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployMDFCOssDb.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployMDFCOssDb.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployMDFCOssDb.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployMDFCOssDb.libDefinition.properties.description @@ -887,6 +892,7 @@ module modPolicyAssignmentIntRootDeployMdfcSqlAtp '../../../policy/assignments/p name: varModuleDeploymentNames.modPolicyAssignmentIntRootDeployMdfcSqlAtp params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployMDFCSqlAtp.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployMDFCSqlAtp.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployMDFCSqlAtp.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployMDFCSqlAtp.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployMDFCSqlAtp.libDefinition.properties.description 
@@ -906,6 +912,7 @@ module modPolicyAssignmentIntRootAuditLocationMatch '../../../policy/assignments name: varModuleDeploymentNames.modPolicyAssignmentIntRootAuditLocationMatch params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentAuditLocationMatch.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentAuditLocationMatch.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentAuditLocationMatch.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentAuditLocationMatch.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentAuditLocationMatch.libDefinition.properties.description @@ -922,6 +929,7 @@ module modPolicyAssignmentIntRootAuditZoneResiliency '../../../policy/assignment name: varModuleDeploymentNames.modPolicyAssignmentIntRootAuditZoneResiliency params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentAuditZoneResiliency.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentAuditZoneResiliency.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentAuditZoneResiliency.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentAuditZoneResiliency.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentAuditZoneResiliency.libDefinition.properties.description 
@@ -970,6 +978,7 @@ module modPolicyAssignmentIntRootDenyUnmanagedDisks '../../../policy/assignments name: varModuleDeploymentNames.modPolicyAssignmentIntRootDenyUnmanagedDisks params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyUnmanagedDisk.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyUnmanagedDisk.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyUnmanagedDisk.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyUnmanagedDisk.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyUnmanagedDisk.libDefinition.properties.description @@ -987,6 +996,7 @@ module modPolicyAssignmentIntRootDenyClassicRes '../../../policy/assignments/pol name: varModuleDeploymentNames.modPolicyAssignmentIntRootDenyClassicRes params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyClassicResources.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyClassicResources.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyClassicResources.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyClassicResources.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyClassicResources.libDefinition.properties.description 
@@ -1004,6 +1014,7 @@ module modPolicyAssignmentPlatformDeployVmArcChangeTrack '../../../policy/assign name: varModuleDeploymentNames.modPolicyAssignmentPlatformDeployVmArcTrack params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVmArcChangeTrack.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.properties.description @@ -1030,6 +1041,7 @@ module modPolicyAssignmentPlatformDeployVmChangeTrack '../../../policy/assignmen name: varModuleDeploymentNames.modPolicyAssignmentPlatformDeployVmChangeTrack params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVmChangeTrack.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVmChangeTrack.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVmChangeTrack.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVmChangeTrack.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVmChangeTrack.libDefinition.properties.description 
@@ -1061,6 +1073,7 @@ module modPolicyAssignmentPlatformDeployVmssChangeTrack '../../../policy/assignm name: varModuleDeploymentNames.modPolicyAssignmentPlatformDeployVmssChangeTrack params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVmssChangeTrack.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.properties.description @@ -1092,6 +1105,7 @@ module modPolicyAssignmentPlatformDeployVmArcMonitor '../../../policy/assignment name: varModuleDeploymentNames.modPolicyAssignmentPlatformDeployVmArcMonitor params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployvmHybrMonitoring.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.properties.description 
@@ -1119,6 +1133,7 @@ module modPolicyAssignmentPlatformDeployVmMonitor '../../../policy/assignments/p name: varModuleDeploymentNames.modPolicyAssignmentPlatformDeployVmMonitor params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVMMonitor24.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVMMonitor24.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVMMonitor24.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVMMonitor24.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVMMonitor24.libDefinition.properties.description @@ -1150,6 +1165,7 @@ module modPolicyAssignmentPlatformDeployMdfcDefSqlAma '../../../policy/assignmen name: varModuleDeploymentNames.modPolicyAssignmentPlatformDeployMdfcDefSqlAma params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployMdfcDefSqlAma.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.properties.description 
@@ -1204,6 +1220,7 @@ module modPolicyAssignmentPlatformDeployVmssMonitor '../../../policy/assignments name: varModuleDeploymentNames.modPolicyAssignmentPlatformDeployVmssMonitor params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVMSSMonitor24.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.properties.description @@ -1234,6 +1251,7 @@ module modPolicyAssignmentPlatformEnforceSubnetPrivate '../../../policy/assignme name: varModuleDeploymentNames.modPolicyAssignmentPlatformEnforceSubnetPrivate params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentEnforceSubnetPrivate.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.properties.description 
@@ -1307,6 +1325,7 @@ module modPolicyAssignmentConnEnableDdosVnet '../../../policy/assignments/policy name: varModuleDeploymentNames.modPolicyAssignmentConnEnableDdosVnet params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentEnableDDoSVNET.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentEnableDDoSVNET.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.description @@ -1332,6 +1351,7 @@ module modPolicyAssignmentIdentDenyPublicIp '../../../policy/assignments/policyA name: varModuleDeploymentNames.modPolicyAssignmentIdentDenyPublicIp params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyPublicIP.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyPublicIP.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyPublicIP.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyPublicIP.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyPublicIP.libDefinition.properties.description @@ -1380,6 +1400,7 @@ module modPolicyAssignmentIdentDeployVmBackup '../../../policy/assignments/polic name: varModuleDeploymentNames.modPolicyAssignmentIdentDeployVmBackup params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVMBackup.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVMBackup.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVMBackup.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVMBackup.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVMBackup.libDefinition.properties.description 
@@ -1409,6 +1430,7 @@ module modPolicyAssignmentMgmtDeployLogAnalytics '../../../policy/assignments/po name: varModuleDeploymentNames.modPolicyAssignmentMgmtDeployLogAnalytics params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployLogAnalytics.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployLogAnalytics.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployLogAnalytics.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployLogAnalytics.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployLogAnalytics.libDefinition.properties.description @@ -1449,6 +1471,7 @@ module modPolicyAssignmentLzsDenyIpForwarding '../../../policy/assignments/polic name: varModuleDeploymentNames.modPolicyAssignmentLzsDenyIpForwarding params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyIPForwarding.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyIPForwarding.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyIPForwarding.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyIPForwarding.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyIPForwarding.libDefinition.properties.description 
@@ -1497,6 +1520,7 @@ module modPolicyAssignmentLzsDeployVmBackup '../../../policy/assignments/policyA name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployVmBackup params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVMBackup.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVMBackup.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVMBackup.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVMBackup.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVMBackup.libDefinition.properties.description @@ -1524,6 +1548,7 @@ module modPolicyAssignmentLzsEnableDdosVnet '../../../policy/assignments/policyA name: varModuleDeploymentNames.modPolicyAssignmentLzsEnableDdosVnet params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentEnableDDoSVNET.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentEnableDDoSVNET.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentEnableDDoSVNET.libDefinition.properties.description @@ -1548,6 +1573,7 @@ module modPolicyAssignmentLzsDenyStorageHttp '../../../policy/assignments/policy name: varModuleDeploymentNames.modPolicyAssignmentLzsDenyStorageHttp params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyStoragehttp.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyStoragehttp.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyStoragehttp.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyStoragehttp.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyStoragehttp.libDefinition.properties.description 
@@ -1564,6 +1590,7 @@ module modPolicyAssignmentLzsDenyPrivEscalationAks '../../../policy/assignments/ name: varModuleDeploymentNames.modPolicyAssignmentLzsDenyPrivEscalationAks params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyPrivEscalationAKS.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyPrivEscalationAKS.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyPrivEscalationAKS.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyPrivEscalationAKS.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyPrivEscalationAKS.libDefinition.properties.description @@ -1580,6 +1607,7 @@ module modPolicyAssignmentLzsDenyPrivContainersAks '../../../policy/assignments/ name: varModuleDeploymentNames.modPolicyAssignmentLzsDenyPrivContainersAks params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyPrivContainersAKS.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyPrivContainersAKS.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyPrivContainersAKS.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyPrivContainersAKS.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyPrivContainersAKS.libDefinition.properties.description 
@@ -1596,6 +1624,7 @@ module modPolicyAssignmentLzsEnforceAksHttps '../../../policy/assignments/policy name: varModuleDeploymentNames.modPolicyAssignmentLzsEnforceAksHttps params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentEnforceAKSHTTPS.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentEnforceAKSHTTPS.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentEnforceAKSHTTPS.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentEnforceAKSHTTPS.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentEnforceAKSHTTPS.libDefinition.properties.description @@ -1628,6 +1657,7 @@ module modPolicyAssignmentLzsDeployAzSqlDbAuditing '../../../policy/assignments/ name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployAzSqlDbAuditing params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployAzSqlDbAuditing.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployAzSqlDbAuditing.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployAzSqlDbAuditing.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployAzSqlDbAuditing.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployAzSqlDbAuditing.libDefinition.properties.description 
@@ -1656,6 +1686,7 @@ module modPolicyAssignmentLzsDeploySqlThreat '../../../policy/assignments/policy name: varModuleDeploymentNames.modPolicyAssignmentLzsDeploySqlThreat params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeploySQLThreat.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeploySQLThreat.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeploySQLThreat.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeploySQLThreat.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeploySQLThreat.libDefinition.properties.description @@ -1675,6 +1706,7 @@ module modPolicyAssignmentLzsDeploySqlTde '../../../policy/assignments/policyAss name: varModuleDeploymentNames.modPolicyAssignmentLzsDeploySqlTde params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeploySQLTDE.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeploySQLTDE.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeploySQLTDE.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeploySQLTDE.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeploySQLTDE.libDefinition.properties.description 
@@ -1694,6 +1726,7 @@ module modPolicyAssignmentLzsDeployVmArcTrack '../../../policy/assignments/polic name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployVmArcTrack params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVmArcChangeTrack.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVmArcChangeTrack.libDefinition.properties.description @@ -1723,6 +1756,7 @@ module modPolicyAssignmentLzsDeployVmChangeTrack '../../../policy/assignments/po name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployVmChangeTrack params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVmChangeTrack.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVmChangeTrack.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVmChangeTrack.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVmChangeTrack.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVmChangeTrack.libDefinition.properties.description 
@@ -1757,6 +1791,7 @@ module modPolicyAssignmentLzsDeployVmssChangeTrack '../../../policy/assignments/ name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployVmssChangeTrack params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVmssChangeTrack.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVmssChangeTrack.libDefinition.properties.description @@ -1791,6 +1826,7 @@ module modPolicyAssignmentLzsDeployVmArcMonitor '../../../policy/assignments/pol name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployVmArcMonitor params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployvmHybrMonitoring.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployvmHybrMonitoring.libDefinition.properties.description 
@@ -1821,6 +1857,7 @@ module modPolicyAssignmentLzsDeployVmMonitor '../../../policy/assignments/policy name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployVmMonitor params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVMMonitor24.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVMMonitor24.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVMMonitor24.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVMMonitor24.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVMMonitor24.libDefinition.properties.description @@ -1855,6 +1892,7 @@ module modPolicyAssignmentLzsDeployVmssMonitor '../../../policy/assignments/poli name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployVmssMonitor params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployVMSSMonitor24.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployVMSSMonitor24.libDefinition.properties.description 
@@ -1889,6 +1927,7 @@ module modPolicyAssignmentLzsmDeployMdfcDefSqlAma '../../../policy/assignments/p name: varModuleDeploymentNames.modPolicyAssignmentLzsDeployMdfcDefSqlAma params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDeployMdfcDefSqlAma.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDeployMdfcDefSqlAma.libDefinition.properties.description @@ -1923,6 +1962,7 @@ module modPolicyAssignmentLzsEnforceSubnetPrivate '../../../policy/assignments/p name: varModuleDeploymentNames.modPolicyAssignmentLzsEnforceSubnetPrivate params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentEnforceSubnetPrivate.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentEnforceSubnetPrivate.libDefinition.properties.description 
@@ -1995,6 +2035,7 @@ module modPolicyAssignmentLzsAuditAppGwWaf '../../../policy/assignments/policyAs name: varModuleDeploymentNames.modPolicyAssignmentLzsAuditAppGwWaf params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentAuditAppGWWAF.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentAuditAppGWWAF.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentAuditAppGWWAF.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentAuditAppGWWAF.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentAuditAppGWWAF.libDefinition.properties.description @@ -2253,6 +2294,7 @@ module modPolicyAssignmentLzsCorpDenyPipOnNic '../../../policy/assignments/polic name: contains(mgScope, 'confidential') ? varModuleDeploymentNames.modPolicyAssignmentLzsConfidentialCorpDenyPipOnNic : varModuleDeploymentNames.modPolicyAssignmentLzsCorpDenyPipOnNic params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyPublicIPOnNIC.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyPublicIPOnNIC.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyPublicIPOnNIC.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyPublicIPOnNIC.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyPublicIPOnNIC.libDefinition.properties.description 
@@ -2269,6 +2311,7 @@ module modPolicyAssignmentLzsCorpDenyHybridNet '../../../policy/assignments/poli name: contains(mgScope, 'confidential') ? varModuleDeploymentNames.modPolicyAssignmentLzsConfidentialCorpDenyHybridNet : varModuleDeploymentNames.modPolicyAssignmentLzsCorpDenyHybridNet params: { parPolicyAssignmentDefinitionId: varPolicyAssignmentDenyHybridNetworking.definitionId + parPolicyAssignmentDefinitionVersion: varPolicyAssignmentDenyHybridNetworking.libDefinition.properties.definitionVersion parPolicyAssignmentName: varPolicyAssignmentDenyHybridNetworking.libDefinition.name parPolicyAssignmentDisplayName: varPolicyAssignmentDenyHybridNetworking.libDefinition.properties.displayName parPolicyAssignmentDescription: varPolicyAssignmentDenyHybridNetworking.libDefinition.properties.description diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_appgw_waf.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_appgw_waf.tmpl.json index e86da45c8..fd7d21d92 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_appgw_waf.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_appgw_waf.tmpl.json @@ -12,6 +12,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_res_location_match_rg_location.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_res_location_match_rg_location.tmpl.json index 0db5b7a6f..7de8f8a03 100644 
--- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_res_location_match_rg_location.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_res_location_match_rg_location.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a914e76-4921-4c19-b460-a2d36003525a", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_zoneresiliency.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_zoneresiliency.tmpl.json index 75a93c8c9..e53c41e1f 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_zoneresiliency.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_audit_zoneresiliency.tmpl.json @@ -15,6 +15,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/130fb88f-0fc9-4678-bfe1-31022d71c7d5", + "definitionVersion": "1.*.*-preview", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_classic-resources.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_classic-resources.tmpl.json index 384fa2ab4..069db713f 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_classic-resources.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_classic-resources.tmpl.json 
@@ -73,6 +73,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_http_ingress_aks.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_http_ingress_aks.tmpl.json index 85e3d44a3..d9c3f5997 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_http_ingress_aks.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_http_ingress_aks.tmpl.json @@ -12,6 +12,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d", + "definitionVersion": "8.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_hybridnetworking.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_hybridnetworking.tmpl.json index c572d0c9f..f684e18b2 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_hybridnetworking.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_hybridnetworking.tmpl.json @@ -24,6 +24,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, 
diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json index 12d17c23f..346117745 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_ip_forwarding.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_containers_aks.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_containers_aks.tmpl.json index 08d13ce2d..ce14ec35d 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_containers_aks.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_containers_aks.tmpl.json @@ -12,6 +12,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/95edb821-ddaf-4404-9732-666045e056b4", + "definitionVersion": "9.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_escalation_aks.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_escalation_aks.tmpl.json index cfb11ecf6..2c22dcd98 100644 
--- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_escalation_aks.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_priv_escalation_aks.tmpl.json @@ -12,6 +12,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1c6e92c9-99f0-4e55-9cf2-0c234dc48f99", + "definitionVersion": "7.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json index 07a0b68e9..73568850e 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip.tmpl.json @@ -17,6 +17,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6c112d4e-5bc7-47ae-a041-ea2d9dccd749", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip_on_nic.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip_on_nic.tmpl.json index f871785fe..b5cc7de6d 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip_on_nic.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_public_ip_on_nic.tmpl.json 
@@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_storage_http.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_storage_http.tmpl.json index e9e0964df..b61345b38 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_storage_http.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_storage_http.tmpl.json @@ -12,6 +12,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/404c3081-a854-4457-ae30-26a93ef643f9", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_unmanageddisk.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_unmanageddisk.tmpl.json index 8bc740f1a..a49642f92 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_unmanageddisk.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deny_unmanageddisk.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06a78e20-9358-41c9-923c-fb736d382a4d", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default", "overrides": [ 
diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json index cdadc945b..b808ca2f5 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8", + "definitionVersion": "57.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azactivity_log.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azactivity_log.tmpl.json index 1ba7a583e..9eb262c1c 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azactivity_log.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azactivity_log.tmpl.json @@ -15,6 +15,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2465583e-4e78-4c15-b6be-a36cbc7c8b0f", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azsql_db_auditing.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azsql_db_auditing.tmpl.json index 9758b3efc..72243aaa9 100644 
--- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azsql_db_auditing.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_azsql_db_auditing.tmpl.json @@ -15,6 +15,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/25da7dfb-0666-4a15-a8f5-402127efd8bb", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_log_analytics.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_log_analytics.tmpl.json index 42fe2e9f8..3a13b01dd 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_log_analytics.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_log_analytics.tmpl.json @@ -33,6 +33,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e3e61b3-0b32-22d5-4edf-55f87fdb5955", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "DoNotEnforce" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_md_endpoints_ama.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_md_endpoints_ama.tmpl.json index 852fd9380..bfdb61b2b 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_md_endpoints_ama.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_md_endpoints_ama.tmpl.json 
@@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/77b391e3-2d5d-40c3-83bf-65c846b3c6a3", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdeendpoints.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdeendpoints.tmpl.json index 2189151d0..06cf5f456 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdeendpoints.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdeendpoints.tmpl.json @@ -21,6 +21,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/e20d08c5-6d64-656d-6465-ce9e37fd0ebc", + "definitionVersion": "1.*.*-preview", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_ossdb.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_ossdb.tmpl.json index 8b5480f3e..6b5b46d6b 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_ossdb.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_ossdb.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/e77fc0b3-f7e9-4c58-bc13-cb753ed8e46e", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, 
diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sql-ama.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sql-ama.tmpl.json index fbb632fc6..2901da5cc 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sql-ama.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sql-ama.tmpl.json @@ -24,6 +24,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/de01d381-bae9-4670-8870-786f89f49e26", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sqlatp.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sqlatp.tmpl.json index 41ab7530f..56305f4d4 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sqlatp.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_mdfc_sqlatp.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/9cb3cc7a-b39b-4b82-bc89-e5a5d9ff7b97", + "definitionVersion": "3.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_resource_diag.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_resource_diag.tmpl.json index d46b9ce3c..6ed27fd3e 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_resource_diag.tmpl.json 
+++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_resource_diag.tmpl.json @@ -12,6 +12,8 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/0884adba-2312-4468-abeb-5422caed1038", + "definitionVersion": "1.0.0", + "conditionalDefinitionVersion": "1.0.0", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_tde.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_tde.tmpl.json index 8ff9da856..b1e4c0cac 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_tde.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_tde.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86a912f6-9a06-4e26-b447-11b16ba8659f", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_threat.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_threat.tmpl.json index 7a8f35a33..357f08baa 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_threat.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_sql_threat.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/36d49e87-48c4-4f2e-beed-ba4ed02b71f5", + "definitionVersion": "2.*.*", "scope": null, "enforcementMode": "Default" }, 
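Review bot: `"definitionVersion": "1.0.0"` in policy_assignment_es_deploy_resource_diag.tmpl.json is an exact pin, while every other template in this patch uses a major-version wildcard such as `"1.*.*"`. Unless the exact pin is intentional, `"definitionVersion": "1.*.*"` would keep this assignment on the same update path as the rest. An exact pin would presumably stop the assignment from taking minor or patch revisions of the built-in initiative, which deserves a deliberate decision for what the file name suggests is a diagnostic-settings assignment. The second added key, `"conditionalDefinitionVersion": "1.0.0"`, is not read by any Bicep line visible in this patch, which only reference `properties.definitionVersion`. If nothing else consumes it, I would drop it.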
diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_changetrack.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_changetrack.tmpl.json index e89c15042..83b8b9910 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_changetrack.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_changetrack.tmpl.json @@ -15,6 +15,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/53448c70-089b-4f52-8f38-89196d7f2de1", + "definitionVersion": "1.*.*-preview", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_monitor.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_monitor.tmpl.json index 9248147cc..db8202381 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_monitor.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_arc_monitor.tmpl.json @@ -18,6 +18,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/2b00397d-c309-49c4-aa5a-f0b2c5bc6321", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_backup.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_backup.tmpl.json index d147583a3..1f1ff4547 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_backup.tmpl.json 
+++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_backup.tmpl.json @@ -12,6 +12,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86", + "definitionVersion": "9.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_changetrack.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_changetrack.tmpl.json index 33723114f..ad3bbbfde 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_changetrack.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_changetrack.tmpl.json @@ -24,6 +24,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/92a36f05-ebc9-4bba-9128-b47ad2ea3354", + "definitionVersion": "1.*.*-preview", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_monitor.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_monitor.tmpl.json index 2a578b552..011ccd2d3 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_monitor.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vm_monitor.tmpl.json @@ -30,6 +30,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/924bfe3a-762f-40e7-86dd-5c8b95eb09e6", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, 
diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_changetrack.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_changetrack.tmpl.json index 55869e744..3917d6a93 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_changetrack.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_changetrack.tmpl.json @@ -24,6 +24,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/c4a70814-96be-461c-889f-2b27429120dc", + "definitionVersion": "1.*.*-preview", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_monitor.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_monitor.tmpl.json index 3a4e7c9ef..138c9d7e4 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_monitor.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_vmss_monitor.tmpl.json @@ -30,6 +30,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policySetDefinitions/f5bf694c-cca7-4033-b883-3a23327d5485", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enable_ddos_vnet.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enable_ddos_vnet.tmpl.json index 3a2ad5f82..21a828858 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enable_ddos_vnet.tmpl.json 
+++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enable_ddos_vnet.tmpl.json @@ -15,6 +15,7 @@ } }, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json index faf4c9ea4..b7a43a07b 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_subnet_private.tmpl.json @@ -8,6 +8,7 @@ "notScopes": [], "parameters": {}, "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7bca8353-aa3b-429b-904a-9229c4385837", + "definitionVersion": "1.*.*", "scope": null, "enforcementMode": "Default" }, diff --git a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_tls_ssl.tmpl.json b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_tls_ssl.tmpl.json index 8f5504450..519090934 100644 --- a/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_tls_ssl.tmpl.json +++ b/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_enforce_tls_ssl.tmpl.json @@ -1,5 +1,5 @@ { - "name": "Enforce-TLS-SSL-H224", + "name": "Enforce-TLS-SSL-Q225", "type": "Microsoft.Authorization/policyAssignments", "apiVersion": "2024-04-01", "properties": { 
diff --git a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep index d52675179..26a49ef46 100644 --- a/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep +++ b/infra-as-code/bicep/modules/policy/assignments/policyAssignmentManagementGroup.bicep @@ -50,6 +50,9 @@ param parPolicyAssignmentOverrides array = [] @description('List of required resource selectors for the policy assignment.') param parPolicyAssignmentResourceSelectors array = [] +@description('The version of the policy definition to use.') +param parPolicyAssignmentDefinitionVersion string? + @allowed([ 'None' 'SystemAssigned' @@ -93,6 +96,7 @@ resource resPolicyAssignment 'Microsoft.Authorization/policyAssignments@2025-01- enforcementMode: parPolicyAssignmentEnforcementMode overrides: parPolicyAssignmentOverrides resourceSelectors: parPolicyAssignmentResourceSelectors + definitionVersion: parPolicyAssignmentDefinitionVersion } identity: { type: varPolicyIdentity
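Review bot: The description on `parPolicyAssignmentDefinitionVersion` does not say which formats are accepted or what happens when the value is left unset, and the second hunk passes the parameter to `definitionVersion` unchecked. The templates in this patch use `2.*.*`, `1.*.*-preview` and one `1.0.0`, so I would spell that out, for example `@description('Version of the policy definition to assign, e.g. "2.*.*" or "1.*.*-preview". Leave unset to assign without a version pin.')`, assuming a null value is treated as omitted. This matters because a mistyped or stale version on a deny or deploy assignment is likely to surface only at deployment time. The `resPolicyAssignment` resource starts before the second hunk (`@@ -93,6 +96,7 @@`), so the rest of its properties are not visible here.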