diff --git a/docs/wiki/media/ALZ Policy Assignments v2.xlsx b/docs/wiki/media/ALZ Policy Assignments v2.xlsx
index ef277d5bea..a41ca1256a 100644
Binary files a/docs/wiki/media/ALZ Policy Assignments v2.xlsx and b/docs/wiki/media/ALZ Policy Assignments v2.xlsx differ
diff --git a/docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx b/docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx
index 59ca08d267..2621d04ef8 100644
Binary files a/docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx and b/docs/wiki/media/Enterprise Scale - PolicyDefinitionAssignments.xlsx differ
diff --git a/docs/wiki/media/North Star process visuals.pptx b/docs/wiki/media/North Star process visuals.pptx
index d535bf27bb..2ee8b574d3 100644
Binary files a/docs/wiki/media/North Star process visuals.pptx and b/docs/wiki/media/North Star process visuals.pptx differ
diff --git a/docs/wiki/media/NorthStar Networking images.pptx b/docs/wiki/media/NorthStar Networking images.pptx
index 5e44238aab..1b73f09c6f 100644
Binary files a/docs/wiki/media/NorthStar Networking images.pptx and b/docs/wiki/media/NorthStar Networking images.pptx differ
diff --git a/eslzArm/eslz-portal.json b/eslzArm/eslz-portal.json
index da822df35c..3096aaf03b 100644
--- a/eslzArm/eslz-portal.json
+++ b/eslzArm/eslz-portal.json
@@ -278,7 +278,7 @@ { "name": "cuaSettingsInfo", "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]", + "visible": true, "options": { "text": "Microsoft can identify the deployments of the Azure Resource Manager templates with the deployed Azure resources. Microsoft collects this information to provide the best experiences with their products and to operate their business. The telemetry is collected through customer usage attribution. The data is collected and governed by Microsoft's privacy policies, located at the trust center. Visit this link to find out more.", "uri": "https://github.com/Azure/Enterprise-Scale/wiki/Deploying-Enterprise-Scale-CustomerUsage", @@ -288,9 +288,9 @@ { "name": "telemetryOptOut", "type": "Microsoft.Common.OptionsGroup", - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]", + "visible": true, "label": "Customer Usage Selection Options", - "defaultValue": "[if(equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'), 'Enabled', 'Disabled')]", + "defaultValue": "['Enabled']", "constraints": { "allowedValues": [ { @@ -306,7 +306,7 @@ } } ], - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]" + "visible": true } ] }, @@ -524,7 +524,7 @@ } ] }, - "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]" + "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]" }, { "name": "enableUpdateMgmt", 
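Review bot: In the `telemetryOptOut` hunk (@@ -288) the default changes from a cloud-dependent expression to `"defaultValue": "['Enabled']"`, so the customer usage attribution choice now starts at 'Enabled' for every cloud selection, where the old expression yielded 'Disabled' outside AzureCloud. Assuming 'Enabled' means telemetry is on (the allowed values continue outside the hunk), this changes what is reported by default for sovereign-cloud deployments and deserves an explicit line in the commit description; the `cuaSettingsInfo` hunk at @@ -278 and the section-level `visible` at @@ -306 are opened up in the same way. The bracketed literal is also harder to read than it needs to be, and a plain `"defaultValue": "Enabled"` would presumably select the same option without relying on the expression evaluator to unwrap a string.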
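Review bot: The new `visible` on the element that closes at @@ -524 requires `cloudEnvironment.selection` to equal 'AzureCloud', which hides this monitoring option for every other selection and not only for Azure China, whereas the DDoS and Routing Intent hunks in the same file use `not(equals(..., 'AzureChinaCloud'))`. The same condition is repeated at @@ -4615, @@ -4639 and @@ -4663. If only China lacks the feature, the narrower form keeps the option available elsewhere: `[and(equals(steps('management').enableLogAnalytics,'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]`. The element's definition starts above the hunk, so its name and default value are not visible here.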
@@ -1495,7 +1495,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "Enable DDoS Network Protection", "defaultValue": "Yes (recommended)", - "visible": "[not(equals(steps('connectivity').enableHub, 'No'))]", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]", "toolTip": "If 'Yes' is selected when also adding a connectivity subscription, DDoS Network Protection will be enabled on the connectivity virtual network. Please note that DDoS Network Protection does incur additional costs that need to be considered, for more information: DDoS Network Protection pricing.", "constraints": { "allowedValues": [ @@ -2757,7 +2757,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "Enable vWAN Routing Intent", "defaultValue": "No", - "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'))]", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').enableAzFw, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]", "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both", "constraints": { "allowedValues": [ 
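Review bot: Hiding the 'Enable DDoS Network Protection' group for AzureChinaCloud at @@ -1495 (and the landing-zone control of the same label at @@ -4526) leaves its `"defaultValue": "Yes (recommended)"` in place, and neither hunk shows how the outputs treat the control once it is hidden. It is worth confirming that a China deployment passes 'No' to the template rather than the hidden default, and that the operator is told the protection is not being deployed, for example through an InfoBox whose `visible` is the inverse condition. Both element definitions begin above their hunks.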
@@ -3872,7 +3872,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "Enable vWAN Routing Intent in your second", "defaultValue": "No", - "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'))]", + "visible": "[and(not(equals(steps('connectivity').enableHub, 'No')), not(equals(steps('connectivity').enableHub, 'nva')), not(equals(steps('connectivity').enableHub, 'vhub')), equals(steps('connectivity').esNetworkSecondarySubSection.enableAzFwSecondary, 'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]", "toolTip": "Enable vWan Routing Intent and set Azure Firewall as the next hop either for Internet Traffic, Private Traffic or both", "constraints": { "allowedValues": [ @@ -4526,7 +4526,7 @@ "type": "Microsoft.Common.OptionsGroup", "label": "Enable DDoS Network Protection", "defaultValue": "Yes (recommended)", - "visible": "[and(not(equals(steps('connectivity').enableHub,'No')),equals(steps('connectivity').enableDdoS,'Yes'))]", + "visible": "[and(not(equals(steps('connectivity').enableHub,'No')),equals(steps('connectivity').enableDdoS,'Yes'), not(equals(steps('basics').cloudEnvironment.selection, 'AzureChinaCloud')))]", "toolTip": "If 'Yes' is selected when also adding a connectivity subscription earlier, DDoS Network Protection will be enabled.
Uses the policy Virtual networks should be protected by Azure DDoS Protection Standard.", "constraints": { "allowedValues": [ @@ -4615,7 +4615,7 @@ } ] }, - "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]" + "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]" }, { "name": "enableVmssMonitoring", @@ -4639,7 +4639,7 @@ } ] }, - "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]" + "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]" }, { "name": "enableVmHybridMonitoring", @@ -4663,7 +4663,7 @@ } ] }, - "visible": "[equals(steps('management').enableLogAnalytics,'Yes')]" + "visible": "[and(equals(steps('management').enableLogAnalytics,'Yes'), equals(steps('basics').cloudEnvironment.selection, 'AzureCloud'))]" }, { "name": "enableAksPolicy", @@ -5047,10 +5047,10 @@ } ] }, - "visible": true + "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]" } ], - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]" + "visible": true }, { "name": "corpOnlineSettingsInfo", @@ -5266,7 +5266,7 @@ "visible": true } ], - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]" + "visible": true }, { "name": "onlineSection", @@ -5312,7 +5312,7 @@ } } ], - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]" + "visible": true } ] }, @@ -7671,7 +7671,7 @@ { "name": "decommSettingsInfo", "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]", + "visible": true, "options": { "text": "The following policies will be enabled: ", "uri": "https://aka.ms/alz/policies", 
@@ -7703,7 +7703,7 @@ "visible": true } ], - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]" + "visible": true }, { "name": "sandboxSection", @@ -7713,7 +7713,7 @@ { "name": "sandboxSettingsInfo", "type": "Microsoft.Common.InfoBox", - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]", + "visible": true, "options": { "text": "The following policies will be enabled: ", "uri": "https://aka.ms/alz/policies", @@ -7745,7 +7745,7 @@ "visible": true } ], - "visible": "[equals(steps('basics').cloudEnvironment.selection, 'AzureCloud')]" + "visible": true } ] }, diff --git a/eslzArm/eslzArm.json b/eslzArm/eslzArm.json index 0f8b64a859..7a5af4ccf2 100644 --- a/eslzArm/eslzArm.json +++ b/eslzArm/eslzArm.json 
@@ -1655,11 +1655,80 @@ "monitorRepo": "https://raw.githubusercontent.com/Azure/azure-monitor-baseline-alerts/2024-09-02/" }, // Declaring all required deployment uri's used for deployments of composite ARM templates for ESLZ + // Referring to different Policy Set definition for different cloud enviornment "azPrivateDnsPolicyAssignmentMapping": { "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-PrivateDNSZonesPolicyAssignment.json", - "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json" + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/gov/fairfaxDINE-PrivateDNSZonesPolicyAssignment.json", + "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json" + }, "azPrivateDnsPolicyAssignment": "[variables('azPrivateDnsPolicyAssignmentMapping')[environment().resourceManager]]", + + "PublicEndpointPolicyAssignmentMapping": { + "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json", + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json", // This needs to be updated for USGovernmentCloud + "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json" + + }, + "PublicEndpointPolicyAssignment": "[variables('PublicEndpointPolicyAssignmentMapping')[environment().resourceManager]]", + + "regulatoryCompliancePolicyAssignmentMapping": { + "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json", + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json", // This needs to be updated for USGovernmentCloud + 
"https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json" + + }, + "regulatoryCompliancePolicy": "[variables('regulatoryCompliancePolicyAssignmentMapping')[environment().resourceManager]]", + + "mdfcConfigPolicyInitiativeMapping": { + "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json", + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json", // This needs to be updated for USGovernmentCloud + "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json" + + }, + "mdfcConfigPolicyInitiative": "[variables('mdfcConfigPolicyInitiativeMapping')[environment().resourceManager]]", + + "tlsSslPolicyAssignmentMapping": { + "https://management.azure.com/": "managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json", + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json", // This needs to be updated for USGovernmentCloud + "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json" + + }, + "tlsSslPolicyAssignment": "[variables('tlsSslPolicyAssignmentMapping')[environment().resourceManager]]", + + "backupPolicyAssignmentMapping": { + "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json", + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json", // This needs to be updated for USGovernmentCloud + "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json" + + }, + "backupPolicyAssignment": 
"[variables('backupPolicyAssignmentMapping')[environment().resourceManager]]", + + "kvGuardrailsPolicyAssignmentMapping": { + "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json", + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json", // This needs to be updated for USGovernmentCloud + "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json" + + }, + "kvGuardrailsPolicyAssignment": "[variables('kvGuardrailsPolicyAssignmentMapping')[environment().resourceManager]]", + + "decommissionPolicyAssignmentMapping": { + "https://management.azure.com/": "managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json", + "https://management.usgovcloudapi.net": "managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json", // This needs to be updated for USGovernmentCloud + "https://management.chinacloudapi.cn": "managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json" + + }, + "decommissionPolicyAssignment": "[variables('decommissionPolicyAssignmentMapping')[environment().resourceManager]]", + + "MDFCSubscriptionEnablementMapping": { + "https://management.azure.com/": "subscriptionTemplates/mdfcConfiguration.json", + "https://management.usgovcloudapi.net": "subscriptionTemplates/mdfcConfiguration.json", // This needs to be updated for USGovernmentCloud + "https://management.chinacloudapi.cn": "subscriptionTemplates/mcmdfcConfiguration.json" + + }, + "MDFCSubscriptionEnablement": "[variables('MDFCSubscriptionEnablementMapping')[environment().resourceManager]]", + + "deploymentUris": { "managementGroups": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroups.json')]", "managementGroupsLite": 
"[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/mgmtGroupStructure/mgmtGroupsLite.json')]", 
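Review bot: Each new `...Mapping` variable in this hunk is indexed with `environment().resourceManager`, and the keys are not uniform: the public-cloud key ends in a slash (`https://management.azure.com/`) while the US Government and China keys do not. The lookup has no fallback, so a returned value that differs from a key by a trailing slash, or a cloud that is not listed, makes the variable fail to resolve; in that same case the `not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn'))` conditions added at @@ -2714, @@ -2745, @@ -4169 and @@ -4199 would evaluate to true and not exclude China at all. Keying on `environment().name` would remove the dependence on URL formatting, e.g. `"[variables('tlsSslPolicyAssignmentMapping')[environment().name]]"` with keys `AzureCloud`, `AzureUSGovernment` and `AzureChinaCloud`. Separately, the comment added at the top of the hunk misspells "environment", and the repeated `// This needs to be updated for USGovernmentCloud` would be easier to track as one TODO with an issue reference.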
@@ -1677,10 +1746,10 @@ "ddosProtection": "[uri(deployment().properties.templateLink.uri, 'resourceGroupTemplates/ddosProtection.json')]", "logAnalyticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-LogAnalyticsPolicyAssignment.json')]", "asbPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ASBPolicyAssignment.json')]", - "regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-RegulatoryCompliancePolicyAssignment.json')]", + "regulatoryComplianceInitaitves": "[uri(deployment().properties.templateLink.uri, variables('regulatoryCompliancePolicy'))]", "resourceDiagnosticsInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ResourceDiagnosticsPolicyAssignment.json')]", "activityDiagnosticsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ActivityLogPolicyAssignment.json')]", - "mdfcConfigPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDFCConfigPolicyAssignment.json')]", + "mdfcConfigPolicyInitiative": "[uri(deployment().properties.templateLink.uri, variables('mdfcConfigPolicyInitiative'))]", "mdEnpointsPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDEndpointsPolicyAssignment.json')]", "mdEnpointsAMAPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDEndpointsAMAPolicyAssignment.json')]", "atpOssDbPolicyInitiative": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-AtpOssDbPolicyAssignment.json')]", 
@@ -1692,17 +1761,17 @@ "azPolicyForAksPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-AksPolicyPolicyAssignment.json')]", "aksPrivEscalationPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivEscalationPolicyAssignment.json')]", "aksPrivilegedPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksPrivilegedPolicyAssignment.json')]", - "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json')]", + "tlsSslPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('tlsSslPolicyAssignment'))]", "aksHttpsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-AksWithoutHttpsPolicyAssignment.json')]", "ipFwdPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-IPForwardingPolicyAssignment.json')]", - "publicEndpointPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicEndpointPolicyAssignment.json')]", + "publicEndpointPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('PublicEndpointPolicyAssignment'))]", "privateDnsZonePolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('azPrivateDnsPolicyAssignment'))]", "pipPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicIpAddressPolicyAssignment.json')]", "pipOnNicPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-PublicIpAddressOnNICPolicyAssignment.json')]", "mgmtFromInternetPolicyAssignment": 
"[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-MgmtPortsFromInternetPolicyAssignment.json')]", "storageHttpsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-StorageWithoutHttpsPolicyAssignment.json')]", - "kvGuardrailsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsKeyVaultPolicyAssignment.json')]", - "backupPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-BackupPolicyAssignment.json')]", + "kvGuardrailsPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('kvGuardrailsPolicyAssignment'))]", + "backupPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('backupPolicyAssignment'))]", "denyHybridNetworkingPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DENY-HybridNetworkingPolicyAssignment.json')]", "auditPeDnsZonesPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/AUDIT-PeDnsZonesPolicyAssignment.json')]", "auditAppGwWafPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/AUDIT-AppGwWafPolicyAssignment.json')]", 
@@ -1711,7 +1780,7 @@ "sqlAuditPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLAuditingPolicyAssignment.json')]", "sqlEncryptionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLEncryptionPolicyAssignment.json')]", "sqlThreatPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-SQLThreatPolicyAssignment.json')]", - "decommissionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-ALZ-DecommissionedPolicyAssignment.json')]", + "decommissionPolicyAssignment": "[uri(deployment().properties.templateLink.uri, variables('decommissionPolicyAssignment'))]", "sandboxPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-ALZ-SandboxPolicyAssignment.json')]", "ddosPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/MODIFY-DDoSPolicyAssignment.json')]", "corpVnetPeering": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/vnetPeering.json')]", 
@@ -1737,7 +1806,7 @@ "ChangeTrackingVmssPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-ChangeTrackingVMSSPolicyAssignment.json')]", "MDFCDefenderSqlAma": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/DINE-MDFCDefenderSQLAMAPolicyAssignment.json')]", "dataCollectionRuleMdfcDefenderSQL": "[uri(deployment().properties.templateLink.uri, 'resourceGroupTemplates/dataCollectionRule-DefenderSQL.json')]", - "MDFCSubscriptionEnablement": "[uri(deployment().properties.templateLink.uri, 'subscriptionTemplates/mdfcConfiguration.json')]", + "MDFCSubscriptionEnablement": "[uri(deployment().properties.templateLink.uri, variables('MDFCSubscriptionEnablement'))]", // Workload Specific Compliance Initiatives "wsCMKPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-EncryptionCMKPolicyAssignment.json')]", "wsAPIMPolicyAssignment": "[uri(deployment().properties.templateLink.uri, 'managementGroupTemplates/policyAssignments/ENFORCE-GuardrailsAPIMPolicyAssignment.json')]", 
@@ -2714,7 +2783,8 @@ }, { // Deploying Diagnostic Settings to management groups if Log Analytics was deployed via a loop - "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'))]", + // exclude Mooncake since Management Group Diagnostic Settings Rest API is NOT supported in Azure China. https://learn.microsoft.com/en-us/answers/questions/1640390/confirm-if-management-group-diagnostic-settings-re + "condition": "[and(empty(parameters('singlePlatformSubscriptionId')), not(empty(parameters('managementSubscriptionId'))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", "name": "[take(concat(variables('mgmtGroupsArray')[copyIndex()], variables('deploymentNames').diagnosticSettingsforMGsDeploymentName), 64)]", @@ -2745,7 +2815,8 @@ }, { // Deploying Diagnostic Settings to ESLite management groups if Log Analytics was deployed via a loop - "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), empty(parameters('managementSubscriptionId')), equals(parameters('enableLogAnalytics'), 'Yes'))]", + // exclude Mooncake since Management Group Diagnostic Settings Rest API is NOT supported in Azure China. https://learn.microsoft.com/en-us/answers/questions/1640390/confirm-if-management-group-diagnostic-settings-re + "condition": "[and(not(empty(parameters('singlePlatformSubscriptionId'))), empty(parameters('managementSubscriptionId')), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", "name": "[take(concat(variables('mgmtGroupsESLiteArray')[copyIndex()], variables('deploymentNames').diagnosticSettingsforMGsDeploymentName), 64)]", 
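Review bot: The two conditions changed here switch off management-group diagnostic settings for Azure China, and the hunks at @@ -4169 and @@ -4199 do the same for the resource-diagnostics and activity-log policy assignments, so a China deployment with `enableLogAnalytics` set to 'Yes' ends up with less log collection than the operator asked for and nothing in the template output says so. The added comments explain why each resource is skipped but not what covers the gap; I would extend each with a second line of the form `// Azure China: not deployed here; log collection for this scope is provided by <compensating control>` once that control is decided, and state the reduced coverage in the deployment documentation. The comment at @@ -4199 also lacks the space after `//`, and "build-in" in both policy comments should read "built-in".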
@@ -4169,7 +4240,8 @@ }, { // Assigning Azure Monitor Resource Diagnostics policy to intermediate root management group if condition is true - "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'))]", + // exclude China since the build-in initiative(0884adba-2312-4468-abeb-5422caed1038) doesn't exist in China + "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", "name": "[variables('deploymentNames').resourceDiagnosticsPolicyDeploymentName]", @@ -4199,7 +4271,8 @@ }, { // Assigning Azure Activity Diagnostics Log policy to intermediate root management group if condition is true - "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'))]", + //exclude Mooncake since the build-in initiative(2465583e-4e78-4c15-b6be-a36cbc7c8b0f) doesn't exist in Mooncake + "condition": "[and(or(not(empty(parameters('singlePlatformSubscriptionId'))), not(empty(parameters('managementSubscriptionId')))), equals(parameters('enableLogAnalytics'), 'Yes'), not(equals(environment().resourceManager, 'https://management.chinacloudapi.cn')))]", "type": "Microsoft.Resources/deployments", "apiVersion": "2020-10-01", "name": "[variables('deploymentNames').activityDiagnosticsPolicyDeploymentName]", diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json new file mode 100644 index 0000000000..21436d78ec 
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-DINE-APPEND-TLS-SSL-PolicyAssignment.json
@@ -0,0 +1,80 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix": { + "type": "string", + "metadata": { + "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions." + } + }, + "enforcementMode": { + "type": "string", + "allowedValues": [ + "Default", + "DoNotEnforce" + ], + "defaultValue": "Default" + }, + "nonComplianceMessagePlaceholder": { + "type": "string", + "defaultValue": "{enforcementMode}" + } + }, + "variables": { + "policyDefinitions": { + "deployEncryptionInTransit": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509-AzureChinaCloud')]" + }, + "policyAssignmentNames": { + "deployEncryptionInTransit": "Enforce-TLS-SSL-H224", + "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. 
Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit.", + "displayName": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit" + }, + "nonComplianceMessage": { + "message": "TLS and SSL {enforcementMode} be enabled for on resources without encryption in transit.", + "Default": "must", + "DoNotEnforce": "should" + }, + "rbacOwner": "8e3af657-a8ff-443c-a75c-2fe8c4bcb635", + "roleAssignmentNames": { + "deployEncryptionInTransit": "[guid(concat(parameters('topLevelManagementGroupPrefix'),variables('policyAssignmentNames').deployEncryptionInTransit))]" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[variables('policyAssignmentNames').deployEncryptionInTransit]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[variables('policyAssignmentNames').description]", + "displayName": "[variables('policyAssignmentNames').displayName]", + "policyDefinitionId": "[variables('policyDefinitions').deployEncryptionInTransit]", + "enforcementMode": "[parameters('enforcementMode')]", + "nonComplianceMessages": [ + { + "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" + } + ], + "parameters": {} + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2019-04-01-preview", + "name": "[variables('roleAssignmentNames').deployEncryptionInTransit]", + "dependsOn": [ + "[resourceId('Microsoft.Authorization/policyAssignments', variables('policyAssignmentNames').deployEncryptionInTransit)]" + ], + "properties": { + "principalType": "ServicePrincipal", + "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', 
variables('rbacOwner'))]", + "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployEncryptionInTransit), '2019-09-01', 'Full' ).identity.principalId)]" + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json new file mode 100644 index 0000000000..bd5516c435 --- /dev/null +++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDENY-PublicEndpointPolicyAssignment.json 
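Review bot: The role assignment in this new template grants the policy assignment's system-assigned identity the role held in `rbacOwner` (`8e3af657-a8ff-443c-a75c-2fe8c4bcb635`, the built-in Owner role) at the management group, which is considerably more than remediating TLS settings through deployIfNotExists and append effects would normally need. The initiative `Enforce-EncryptTransit_20240509-AzureChinaCloud` is not part of this hunk, so the roles its definitions request cannot be checked from here; if they list narrower roles, assign those instead, and otherwise add a comment beside `rbacOwner` stating why Owner is required. The role assignment also uses `"apiVersion": "2019-04-01-preview"`, and the `reference()` call reads the assignment with '2019-09-01' although the resource is declared with '2022-06-01'; aligning these on GA versions is easiest while the file is new. The non-compliance message reads "be enabled for on resources", where one of the two prepositions should go.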
@@ -0,0 +1,60 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix": { + "type": "string", + "metadata": { + "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions." + } + }, + "enforcementMode": { + "type": "string", + "allowedValues": [ + "Default", + "DoNotEnforce" + ], + "defaultValue": "Default" + }, + "nonComplianceMessagePlaceholder": { + "type": "string", + "defaultValue": "{enforcementMode}" + } + }, + "variables": { + "policyDefinitions": { + "denyPublicEndpoint": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints-AzureChinaCloud')]" + }, + "policyAssignmentNames": { + "denyPublicEndpoint": "Deny-Public-Endpoints", + "displayName": "Public network access should be disabled for PaaS services", + "description": "This policy initiative is a group of policies that prevents creation of Azure PaaS services with exposed public endpoints" + }, + "nonComplianceMessage": { + "message": "Public network access {enforcementMode} be disabled for PaaS services.", + "Default": "must", + "DoNotEnforce": "should" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[variables('policyAssignmentNames').denyPublicEndpoint]", + "location": "[deployment().location]", + "properties": { + "description": "[variables('policyAssignmentNames').description]", + "displayName": "[variables('policyAssignmentNames').displayName]", + "policyDefinitionId": "[variables('policyDefinitions').denyPublicEndpoint]", + "enforcementMode": "[parameters('enforcementMode')]", + "nonComplianceMessages": [ + { + "message": "[replace(variables('nonComplianceMessage').message, 
parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" + } + ], + "parameters": {} + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json index 7e35d539fd..1acc9d549a 100644 --- a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json +++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-MDFCConfigPolicyAssignment.json @@ -55,7 +55,7 @@ }, "variables": { "policyDefinitions": { - "deployAzureSecurity": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config')]" + "deployAzureSecurity": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config-AzureChinaCloud')]" }, "policyAssignmentNames": { "azureSecurity": "Deploy-MDFC-Config", diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json new file mode 100644 index 0000000000..4e8caae62f --- /dev/null +++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcDINE-PrivateDNSZonesPolicyAssignment.json 
@@ -0,0 +1,406 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix": { + "type": "string", + "metadata": { + "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions." + } + }, + "enforcementMode": { + "type": "string", + "allowedValues": [ + "Default", + "DoNotEnforce" + ], + "defaultValue": "Default" + }, + "nonComplianceMessagePlaceholder": { + "type": "string", + "defaultValue": "{enforcementMode}" + }, + "dnsZoneResourceGroupId": { + "type": "string", + "metadata": { + "description": "Provide the resourceId of the resource group for private DNS, which will construct the full resourceId for the private DNS zones." + } + }, + "location": { + "type": "string", + "metadata": { + "description": "Provide the location where the virtual network is created (hub)" + } + } + }, + "variables": { + "azBackupGeoCodes": { + "australiacentral": "acl", + "australiacentral2": "acl2", + "australiaeast": "ae", + "australiasoutheast": "ase", + "brazilsouth": "brs", + "brazilsoutheast": "bse", + "centraluseuap": "ccy", + "canadacentral": "cnc", + "canadaeast": "cne", + "centralus": "cus", + "eastasia": "ea", + "eastus2euap": "ecy", + "eastus": "eus", + "eastus2": "eus2", + "francecentral": "frc", + "francesouth": "frs", + "germanynorth": "gn", + "germanywestcentral": "gwc", + "centralindia": "inc", + "southindia": "ins", + "westindia": "inw", + "italynorth": "itn", + "japaneast": "jpe", + "japanwest": "jpw", + "jioindiacentral": "jic", + "jioindiawest": "jiw", + "koreacentral": "krc", + "koreasouth": "krs", + "northcentralus": "ncus", + "northeurope": "ne", + "norwayeast": "nwe", + "norwaywest": "nww", + "qatarcentral": "qac", + "southafricanorth": "san", + "southafricawest": "saw", + "southcentralus": "scus", + "swedencentral": "sdc", + "swedensouth": "sds", + 
"southeastasia": "sea", + "switzerlandnorth": "szn", + "switzerlandwest": "szw", + "uaecentral": "uac", + "uaenorth": "uan", + "uksouth": "uks", + "ukwest": "ukw", + "westcentralus": "wcus", + "westeurope": "we", + "westus": "wus", + "westus2": "wus2", + "westus3": "wus3", + "usdodcentral": "udc", + "usdodeast": "ude", + "usgovarizona": "uga", + "usgoviowa": "ugi", + "usgovtexas": "ugt", + "usgovvirginia": "ugv", + "usnateast": "exe", + "usnatwest": "exw", + "usseceast": "rxe", + "ussecwest": "rxw", + "chinanorth": "bjb", + "chinanorth2": "bjb2", + "chinanorth3": "bjb3", + "chinaeast": "sha", + "chinaeast2": "sha2", + "chinaeast3": "sha3", + "germanycentral": "gec", + "germanynortheast": "gne" + }, + "baseId": "[concat(parameters('dnsZoneResourceGroupId'), '/providers/Microsoft.Network/privateDnsZones/')]", + "policyParameterMapping": { + "azureFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.afs.azure.cn')]", + "azureAutomationWebhookPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.cn')]", + "azureAutomationDSCHybridPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-automation.cn')]", + "azureCosmosSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.documents.azure.cn')]", + "azureCosmosMongoPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.mongo.cosmos.azure.cn')]", + "azureCosmosCassandraPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cassandra.cosmos.azure.cn')]", + "azureCosmosGremlinPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.gremlin.cosmos.azure.cn')]", + "azureCosmosTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.cosmos.azure.cn')]", + "azureDataFactoryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.datafactory.azure.cn')]", + "azureDataFactoryPortalPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.adf.azure.cn')]", + // Not supported in Mooncake yet + //"azureDatabricksPrivateDnsZoneId": 
"[concat(variables('baseId'), 'privatelink.azuredatabricks.net')]", + "azureHDInsightPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurehdinsight.cn')]", + // MigrateNot supported in Mooncake yet + //"azureMigratePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.prod.migration.windowsazure.com')]", + "azureStorageBlobPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]", + "azureStorageBlobSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]", + "azureStorageQueuePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]", + "azureStorageQueueSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]", + "azureStorageFilePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.file.core.chinacloudapi.cn')]", + "azureStorageStaticWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.chinacloudapi.cn')]", + "azureStorageStaticWebSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.web.core.chinacloudapi.cn')]", + "azureStorageDFSPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.chinacloudapi.cn')]", + "azureStorageDFSSecPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dfs.core.chinacloudapi.cn')]", + "azureSynapseSQLPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.azure.cn')]", + "azureSynapseSQLODPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.sql.azuresynapse.azure.cn')]", + "azureSynapseDevPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dev.azuresynapse.azure.cn')]", + "azureMonitorPrivateDnsZoneId1": "[concat(variables('baseId'), 'privatelink.monitor.azure.cn')]", + "azureMonitorPrivateDnsZoneId2": "[concat(variables('baseId'), 'privatelink.oms.opinsights.azure.cn')]", + "azureMonitorPrivateDnsZoneId3": "[concat(variables('baseId'), 
'privatelink.ods.opinsights.azure.cn')]", + "azureMonitorPrivateDnsZoneId4": "[concat(variables('baseId'), 'privatelink.agentsvc.azure-automation.net')]", // No change for Mooncake + "azureMonitorPrivateDnsZoneId5": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]", + // Private DNS zone for Azure Web is supported in mooncake, but the build-in policy(0b026355-49cb-467b-8ac4-f777874e175a) is not available. + //"azureWebPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.webpubsub.azure.cn')]", + "azureBatchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.batch.chinacloudapi.cn')]", + "azureAppPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azconfig.azure.cn')]", + // Azure Site Recovery is NOT supported in Mooncake yet + //"azureAsrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.siterecovery.windowsazure.com')]", + "azureIotPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices-provisioning.cn')]", + "azureKeyVaultPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.vaultcore.azure.cn')]", + "azureSignalRPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.service.signalr.azure.cn')]", + "azureAppServicesPrivateDnsZoneId": "[concat(variables('baseId'), ' privatelink.chinacloudsites.cn')]", + "azureEventGridTopicsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.cn')]", + "azureDiskAccessPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]", + "azureCognitiveServicesPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.cognitiveservices.azure.cn')]", + "azureIotHubsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]", + "azureEventGridDomainsPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.eventgrid.azure.cn')]", + "azureRedisCachePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.redis.cache.chinacloudapi.cn')]", + 
"azureAcrPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azurecr.cn')]", + "azureEventHubNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.chinacloudapi.cn')]", + "azureMachineLearningWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.api.ml.azure.cn')]", + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId" : "[concat(variables('baseId'), 'privatelink.notebooks.chinacloudapi.cn')]", + "azureServiceBusNamespacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.servicebus.chinacloudapi.cn')]", + "azureCognitiveSearchPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.search.azure.cn')]", + //Azure Bot Service is NOT supported in Mooncake yet + //"azureBotServicePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.directline.botframework.com')]", + //Azure Managed Grafana is NOT supported in Mooncake yet + //"azureManagedGrafanaWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.grafana.azure.com')]", + "azureVirtualDesktopHostpoolPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.wvd.azure.cn')]", + "azureVirtualDesktopWorkspacePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink-global.wvd.azure.cn')]", + // Remove "azureIotDeviceupdatePrivateDnsZoneId" due to missing built-in Policy Definitions(a222b93a-e6c2-4c01-817f-21e092455b2a) + //"azureIotDeviceupdatePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azure-devices.cn')]", + // Azure Arc is NOT supported in Mooncake yet + //"azureArcGuestconfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.guestconfiguration.azure.com')]", + //"azureArcHybridResourceProviderPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.his.arc.azure.com')]", + //"azureArcKubernetesConfigurationPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.dp.kubernetesconfiguration.azure.com')]", + // Azure IoT Central is NOT supported in Mooncake yet + 
//"azureIotCentralPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.azureiotcentral.com')]", + "azureStorageTablePrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.chinacloudapi.cn')]", + "azureStorageTableSecondaryPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.table.core.chinacloudapi.cn')]", + "azureSiteRecoveryBackupPrivateDnsZoneID": "[concat(variables('baseId'), replace('privatelink.regionGeoShortCode.backup.windowsazure.cn','regionGeoShortCode',variables('azBackupGeoCodes')[toLower(parameters('location'))]))]", + "azureSiteRecoveryBlobPrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.blob.core.chinacloudapi.cn')]", + "azureSiteRecoveryQueuePrivateDnsZoneID": "[concat(variables('baseId'), 'privatelink.queue.core.chinacloudapi.cn')]" + }, + "policyDefinitions": { + "deployPrivateDnsZones": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones-AzureChinaCloud')]" + }, + "policyAssignmentNames": { + "deployPrivateDnsZones": "Deploy-Private-DNS-Zones", + "displayName": "Configure Azure PaaS services to use private DNS zones", + "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones" + }, + "nonComplianceMessage": { + "message": "Azure PaaS services {enforcementMode} use private DNS zones.", + "Default": "must", + "DoNotEnforce": "should" + }, + "roleAssignmentNames": { + "deployPrivateDnsZones": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').deployPrivateDnsZones))]" + }, + "policyRbac": "/providers/Microsoft.Authorization/roleDefinitions/4d97b98b-1d4f-4787-a291-c67834d212e7" + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": 
"[variables('policyAssignmentNames').deployPrivateDnsZones]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[variables('policyAssignmentNames').description]", + "displayName": "[variables('policyAssignmentNames').displayName]", + "policyDefinitionId": "[variables('policyDefinitions').deployPrivateDnsZones]", + "enforcementMode": "[parameters('enforcementMode')]", + "nonComplianceMessages": [ + { + "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]" + } + ], + "parameters": { + "azureFilePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureFilePrivateDnsZoneId]" + }, + "azureAutomationWebhookPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureAutomationWebhookPrivateDnsZoneId]" + }, + "azureAutomationDSCHybridPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureAutomationDSCHybridPrivateDnsZoneId]" + }, + "azureCosmosSQLPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureCosmosSQLPrivateDnsZoneId]" + }, + "azureCosmosMongoPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureCosmosMongoPrivateDnsZoneId]" + }, + "azureCosmosCassandraPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureCosmosCassandraPrivateDnsZoneId]" + }, + "azureCosmosGremlinPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureCosmosGremlinPrivateDnsZoneId]" + }, + "azureCosmosTablePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureCosmosTablePrivateDnsZoneId]" + }, + "azureDataFactoryPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureDataFactoryPrivateDnsZoneId]" + }, + "azureDataFactoryPortalPrivateDnsZoneId": { + "value": 
"[variables('policyParameterMapping').azureDataFactoryPortalPrivateDnsZoneId]" + }, + "azureHDInsightPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureHDInsightPrivateDnsZoneId]" + }, + + "azureStorageBlobPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageBlobPrivateDnsZoneId]" + }, + "azureStorageBlobSecPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageBlobSecPrivateDnsZoneId]" + }, + "azureStorageQueuePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageQueuePrivateDnsZoneId]" + }, + "azureStorageQueueSecPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageQueueSecPrivateDnsZoneId]" + }, + "azureStorageFilePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageFilePrivateDnsZoneId]" + }, + "azureStorageStaticWebPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageStaticWebPrivateDnsZoneId]" + }, + "azureStorageStaticWebSecPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageStaticWebSecPrivateDnsZoneId]" + }, + "azureStorageDFSPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageDFSPrivateDnsZoneId]" + }, + "azureStorageDFSSecPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageDFSSecPrivateDnsZoneId]" + }, + "azureSynapseSQLPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureSynapseSQLPrivateDnsZoneId]" + }, + "azureSynapseSQLODPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureSynapseSQLODPrivateDnsZoneId]" + }, + "azureSynapseDevPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureSynapseDevPrivateDnsZoneId]" + }, + "azureMonitorPrivateDnsZoneId1": { + "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId1]" + }, + "azureMonitorPrivateDnsZoneId2": { + "value": 
"[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId2]" + }, + "azureMonitorPrivateDnsZoneId3": { + "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId3]" + }, + "azureMonitorPrivateDnsZoneId4": { + "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId4]" + }, + "azureMonitorPrivateDnsZoneId5": { + "value": "[variables('policyParameterMapping').azureMonitorPrivateDnsZoneId5]" + }, + "azureBatchPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureBatchPrivateDnsZoneId]" + }, + "azureAppPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureAppPrivateDnsZoneId]" + }, + + "azureIotPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureIotPrivateDnsZoneId]" + }, + "azureKeyVaultPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureKeyVaultPrivateDnsZoneId]" + }, + "azureSignalRPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureSignalRPrivateDnsZoneId]" + }, + "azureAppServicesPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureAppServicesPrivateDnsZoneId]" + }, + "azureEventGridTopicsPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureEventGridTopicsPrivateDnsZoneId]" + }, + "azureDiskAccessPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureDiskAccessPrivateDnsZoneId]" + }, + "azureCognitiveServicesPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureCognitiveServicesPrivateDnsZoneId]" + }, + "azureIotHubsPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureIotHubsPrivateDnsZoneId]" + }, + "azureEventGridDomainsPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureEventGridDomainsPrivateDnsZoneId]" + }, + "azureRedisCachePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureRedisCachePrivateDnsZoneId]" + }, + "azureAcrPrivateDnsZoneId": { + "value": 
"[variables('policyParameterMapping').azureAcrPrivateDnsZoneId]" + }, + "azureEventHubNamespacePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureEventHubNamespacePrivateDnsZoneId]" + }, + "azureMachineLearningWorkspacePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureMachineLearningWorkspacePrivateDnsZoneId]" + }, + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureMachineLearningWorkspaceSecondPrivateDnsZoneId]" + }, + "azureServiceBusNamespacePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureServiceBusNamespacePrivateDnsZoneId]" + }, + "azureCognitiveSearchPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureCognitiveSearchPrivateDnsZoneId]" + }, + + "azureVirtualDesktopHostpoolPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureVirtualDesktopHostpoolPrivateDnsZoneId]" + }, + "azureVirtualDesktopWorkspacePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureVirtualDesktopWorkspacePrivateDnsZoneId]" + }, + "azureStorageTablePrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageTablePrivateDnsZoneId]" + }, + "azureStorageTableSecondaryPrivateDnsZoneId": { + "value": "[variables('policyParameterMapping').azureStorageTableSecondaryPrivateDnsZoneId]" + }, + "azureSiteRecoveryBackupPrivateDnsZoneID": { + "value": "[variables('policyParameterMapping').azureSiteRecoveryBackupPrivateDnsZoneID]" + }, + "azureSiteRecoveryBlobPrivateDnsZoneID": { + "value": "[variables('policyParameterMapping').azureSiteRecoveryBlobPrivateDnsZoneID]" + }, + "azureSiteRecoveryQueuePrivateDnsZoneID": { + "value": "[variables('policyParameterMapping').azureSiteRecoveryQueuePrivateDnsZoneID]" + } + } + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2019-04-01-preview", + "name": 
"[variables('roleAssignmentNames').deployPrivateDnsZones]", + "dependsOn": [ + "[variables('policyAssignmentNames').deployPrivateDnsZones]" + ], + "properties": { + "principalType": "ServicePrincipal", + "roleDefinitionId": "[variables('policyRbac')]", + "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId)]" + } + } + ], + "outputs": { + "principalId": { + "type": "string", + "value": "[reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').deployPrivateDnsZones), '2019-09-01', 'Full').identity.principalId]" + } + } +} \ No newline at end of file diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json new file mode 100644 index 0000000000..a957918d71 --- /dev/null +++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-ALZ-DecommissionedPolicyAssignment.json 
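Review bot: The `azureAppServicesPrivateDnsZoneId` entry in `policyParameterMapping` builds its zone ID from `' privatelink.chinacloudsites.cn'`, with a leading space inside the literal, so the resulting resource ID cannot match a real private DNS zone. The assignment would then pass the App Services policy a zone that does not exist, and private endpoints for App Services would presumably not get their records registered in the hub zone. The line should read `"azureAppServicesPrivateDnsZoneId": "[concat(variables('baseId'), 'privatelink.chinacloudsites.cn')]",`. Separately, the `//` comments in this mapping (including the trailing one on `azureMonitorPrivateDnsZoneId4`) make the file invalid for strict JSON parsers, so it is worth confirming that every deployment and lint tool that reads this template accepts them.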
@@ -0,0 +1,96 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix": { + "type": "string", + "metadata": { + "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions." + } + }, + "enforcementMode": { + "type": "string", + "allowedValues": [ + "Default", + "DoNotEnforce" + ], + "defaultValue": "Default" + }, + "nonComplianceMessagePlaceholder": { + "type": "string", + "defaultValue": "{enforcementMode}" + }, + "listOfResourceTypesAllowed": { + "type": "Array", + "defaultValue": [ + "microsoft.consumption/tags", + "microsoft.authorization/roleassignments", + "microsoft.authorization/roledefinitions", + "microsoft.authorization/policyassignments", + "microsoft.authorization/locks", + "microsoft.authorization/policydefinitions", + "microsoft.authorization/policysetdefinitions", + "microsoft.resources/tags", + "microsoft.authorization/roleeligibilityschedules", + "microsoft.authorization/roleeligibilityscheduleinstances", + "microsoft.authorization/roleassignmentschedules", + "microsoft.authorization/roleassignmentscheduleinstances" + ] + } + }, + "variables": { + "policyDefinitions": { + "enforceAlzDecommissioned": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm-AzureChinaCloud')]" + }, + "policyAssignmentNames": { + "alzDecommission": "Enforce-ALZ-Decomm", + "description": "This initiative will help enforce and govern subscriptions that are placed within the decommissioned Management Group as part of your Subscription decommissioning process. 
See https://aka.ms/alz/policies for more information.", + "displayName": "Enforce ALZ Decommissioned Guardrails" + }, + "nonComplianceMessage": { + "message": "ALZ Decommissioned Guardrails {enforcementMode} be enforced.", + "Default": "must", + "DoNotEnforce": "should" + }, + "rbacVMContributor": "9980e02c-c2be-4d73-94e8-173b1dc7cf3c", + "roleAssignmentNames": { + "deployDecommRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), variables('policyAssignmentNames').alzDecommission))]" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[variables('policyAssignmentNames').alzDecommission]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[variables('policyAssignmentNames').description]", + "displayName": "[variables('policyAssignmentNames').displayName]", + "policyDefinitionId": "[variables('policyDefinitions').enforceAlzDecommissioned]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "listOfResourceTypesAllowed": { + "value": "[parameters('listOfResourceTypesAllowed')]" + } + } + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2019-04-01-preview", + "name": "[variables('roleAssignmentNames').deployDecommRoles]", + "dependsOn": [ + "[variables('policyAssignmentNames').alzDecommission]" + ], + "properties": { + "principalType": "ServicePrincipal", + "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacVMContributor'))]", + "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', variables('policyAssignmentNames').alzDecommission), '2019-09-01', 'Full' ).identity.principalId)]" + } + } + ], + "outputs": {} +} \ No newline at end of file 
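Review bot: The policy assignment's `properties` never set `nonComplianceMessages`, although this template declares the `nonComplianceMessagePlaceholder` parameter and the `nonComplianceMessage` variable for that purpose; both are unused as written. Other assignments added in this commit (for example the Deny-Public-Endpoints one) do wire the message in, so a user blocked by this guardrail gets no tailored explanation here. The same omission is in the hunk for mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json. Add the array next to `enforcementMode`, as below.

```json
// … unchanged: description, displayName, policyDefinitionId …
"enforcementMode": "[parameters('enforcementMode')]",
"nonComplianceMessages": [
  {
    "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"
  }
],
// … unchanged: parameters.listOfResourceTypesAllowed …
```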
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json new file mode 100644 index 0000000000..5e935590b2 --- /dev/null +++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-BackupPolicyAssignment.json 
@@ -0,0 +1,58 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix": { + "type": "string", + "metadata": { + "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions." + } + }, + "enforcementMode": { + "type": "string", + "allowedValues": [ + "Default", + "DoNotEnforce" + ], + "defaultValue": "Default" + }, + "nonComplianceMessagePlaceholder": { + "type": "string", + "defaultValue": "{enforcementMode}" + } + }, + "variables": { + "policyDefinitions": { + "enforceGuardrailsBackup": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Backup-AzureChinaCloud')]" + }, + "policyAssignmentNames": { + "enforceGuardrailsBackup": "Enforce-ASR", + "description": "This initiative assignment enables recommended ALZ guardrails for Azure Recovery Services.", + "displayName": "Enforce enhanced recovery and backup policies" + }, + "nonComplianceMessage": { + "message": "Recommended guardrails {enforcementMode} be enforced for Azure Recovery Services (Backup and Site Recovery).", + "Default": "must", + "DoNotEnforce": "should" + } + }, + "resources": [ + { + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[variables('policyAssignmentNames').enforceGuardrailsBackup]", + "properties": { + "description": "[variables('policyAssignmentNames').description]", + "displayName": "[variables('policyAssignmentNames').displayName]", + "policyDefinitionId": "[variables('policyDefinitions').enforceGuardrailsBackup]", + "enforcementMode": "[parameters('enforcementMode')]", + "nonComplianceMessages": [ + { + "message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), 
variables('nonComplianceMessage')[parameters('enforcementMode')])]" + } + ] + } + } + ], + "outputs": {} +} diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json new file mode 100644 index 0000000000..b64a1b9397 --- /dev/null +++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json 
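Review bot: The `$schema` on the first line of this template is `tenantDeploymentTemplate.json`, while the file sits under `managementGroupTemplates/policyAssignments` and the sibling templates in this commit declare `managementGroupDeploymentTemplate.json`. If the assignment is meant to be deployed at management-group scope like the others, the line should be `"$schema": "https://schema.management.azure.com/schemas/2019-08-01/managementGroupDeploymentTemplate.json#",`; the mismatch can mislead schema validation and anyone auditing where the guardrail is applied. The hunk for mcENFORCE-GuardrailsKeyVaultPolicyAssignment.json carries the same schema line. It is also worth confirming that the assignment name `Enforce-ASR` is intended for a definition named `Enforce-Backup-AzureChinaCloud`.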
@@ -0,0 +1,53 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "topLevelManagementGroupPrefix": {
+ "type": "string",
+ "metadata": {
+ "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions."
+ }
+ },
+ "enforcementMode": {
+ "type": "string",
+ "allowedValues": [
+ "Default",
+ "DoNotEnforce"
+ ],
+ "defaultValue": "Default"
+ },
+ "nonComplianceMessagePlaceholder": {
+ "type": "string",
+ "defaultValue": "{enforcementMode}"
+ }
+ },
+ "variables": {
+ "policyDefinitions": {
+ "enforceGuardrailsKeyVault": "[concat('/providers/Microsoft.Management/managementGroups/', parameters('topLevelManagementGroupPrefix'), '/providers/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-AzureChinaCloud')]"
+ },
+ "policyAssignmentNames": {
+ "enforceGuardrailsKeyVault": "Enforce-GR-KeyVault",
+ "description": "This initiative assignment enables recommended ALZ guardrails for Azure Key Vault.",
+ "displayName": "Enforce recommended guardrails for Azure Key Vault"
+ },
+ "nonComplianceMessage": {
+ "message": "Recommended guardrails {enforcementMode} be enforced for Azure Key Vault.",
+ "Default": "must",
+ "DoNotEnforce": "should"
+ }
+ },
+ "resources": [
+ {
+ "type": "Microsoft.Authorization/policyAssignments",
+ "apiVersion": "2022-06-01",
+ "name": "[variables('policyAssignmentNames').enforceGuardrailsKeyVault]",
+ "properties": {
+ "description": "[variables('policyAssignmentNames').description]",
+ "displayName": "[variables('policyAssignmentNames').displayName]",
+ "policyDefinitionId": "[variables('policyDefinitions').enforceGuardrailsKeyVault]",
+ "enforcementMode": "[parameters('enforcementMode')]"
+ }
+ }
+ ],
+ "outputs": {}
+}
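Review bot: The policy assignment resource never sets `nonComplianceMessages`, although the `nonComplianceMessage` variable and the `nonComplianceMessagePlaceholder` parameter are declared for exactly that purpose. A request that fails the Key Vault guardrails will therefore come back without the "must/should be enforced" text that the backup template in the previous hunk attaches. Add a `nonComplianceMessages` array after `enforcementMode`, as in that template, with the single entry `"message": "[replace(variables('nonComplianceMessage').message, parameters('nonComplianceMessagePlaceholder'), variables('nonComplianceMessage')[parameters('enforcementMode')])]"`. If the omission is deliberate, remove the unused variable and parameter so the template does not suggest a message is being set.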
diff --git a/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json
new file mode 100644
index 0000000000..ec61d1e5d2
--- /dev/null
+++ b/eslzArm/managementGroupTemplates/policyAssignments/china/mcENFORCE-RegulatoryCompliancePolicyAssignment.json
@@ -0,0 +1,4357 @@ +{ + "$schema": "https://schema.management.azure.com/schemas/2019-08-01/tenantDeploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": { + "topLevelManagementGroupPrefix": { + "type": "string", + "metadata": { + "description": "Provide the ESLZ company prefix to the intermediate root management group containing the policy definitions." + } + }, + "policySetDefinitionId": { + "type": "string", + "metadata": { + "description": "Resource ID of the Policy Initative (Set Definition)" + } + }, + "policySetDefinitionDisplayName": { + "type": "string", + "metadata": { + "description": "The Display Name for the Policy Initative (Set Definition)" + } + }, + "policySetDefinitionDescription": { + "type": "string", + "metadata": { + "description": "The Description for the Policy Initative (Set Definition)" + } + }, + "policyAssignmentName": { + "type": "string", + "metadata": { + "description": "The name for the Policy Assignment" + } + }, + "enforcementMode": { + "type": "string", + "allowedValues": [ + "Default", + "DoNotEnforce" + ], + "defaultValue": "Default" + }, + "logAnalyticsWorkspaceId": { + "type": "string", + "defaultValue": "", + "metadata": { + "description": "The Resource ID of the Log Analytics Workspace" + } + }, + "regCompPolParAusGovIsmRestrictedVmAdminsExclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParAusGovIsmRestrictedResourceTypes": { + "type": "string", + "defaultValue": "all" + }, + "regCompPolParMPAACertificateThumb": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParMPAAApplicationName": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParMPAAStoragePrefix": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParMPAAResGroupPrefix": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParMPAARBatchMetricName": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParSovBaseConfRegions": { + "type": "array", + "defaultValue": [] + }, + 
"regCompPolParSovBaseGlobalRegions": { + "type": "array", + "defaultValue": [] + }, + "regCompPolParSwift2020VmAdminsInclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParSwift2020DomainFqdn": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParCanadaFedPbmmVmAdminsInclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParCanadaFedPbmmVmAdminsExclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParCisV2KeyVaultKeysRotateDays": { + "type": "int", + "defaultValue": 90 + }, + "regCompPolParCmmcL3VmAdminsInclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParCmmcL3VmAdminsExclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParHitrustHipaaApplicationName": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParHitrustHipaaStoragePrefix": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParHitrustHipaaResGroupPrefix": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParHitrustHipaaCertificateThumb": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParIrs1075Sep2016VmAdminsExclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParIrs1075Sep2016VmAdminsInclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParNZIsmRestrictedVmAdminsInclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParNZIsmRestrictedVmAdminsExclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParNistSp800171R2VmAdminsExclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParNistSp800171R2VmAdminsInclude": { + "type": "string", + "defaultValue": "" + }, + "regCompPolParSoc2Type2AllowedRegistries": { + "type": "string", + "defaultValue": "^[^\\/]+\\.azurecr\\.io\\/.+$" + }, + "regCompPolParSoc2Type2MaxCpuUnits": { + "type": "string", + "defaultValue": "200m" + }, + "regCompPolParSoc2Type2MaxMemoryBytes": { + "type": "string", + "defaultValue": "1Gi" + } + }, + "variables": { + 
"rbacContributor": "b24988ac-6180-42a0-ab88-20f7382dd24c", + "roleAssignmentNames": { + "deployRoles": "[guid(concat(parameters('topLevelManagementGroupPrefix'), parameters('policyAssignmentName')))]" + }, + "knownPolicyInitativeDefinitionIdsThatRequireParamaeters": [ + "/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077", + "/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8", + "/providers/Microsoft.Authorization/policySetDefinitions/03de05a4-c324-4ccd-882f-a814ea8ab9ea", + "/providers/Microsoft.Authorization/policySetDefinitions/c1cbff38-87c0-4b9f-9f70-035c7a3b5523", + "/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22", + "/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87", + "/providers/Microsoft.Authorization/policySetDefinitions/06f19060-9e68-4070-92ca-f15cc126059e", + "/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de", + "/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab", + "/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d", + "/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a", + "/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9", + "/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141" + ], + "allResourceTypes": [ + "Microsoft.Security/operations", + "Microsoft.Security/securityStatuses", + "Microsoft.Security/tasks", + "Microsoft.Security/secureScores", + "Microsoft.Security/secureScores/secureScoreControls", + "Microsoft.Security/secureScoreControls", + "Microsoft.Security/secureScoreControlDefinitions", + "Microsoft.Security/connectors", + "Microsoft.Security/regulatoryComplianceStandards", + 
"Microsoft.Security/regulatoryComplianceStandards/regulatoryComplianceControls", + "Microsoft.Security/regulatoryComplianceStandards/regulatoryComplianceControls/regulatoryComplianceAssessments", + "Microsoft.Security/alerts", + "Microsoft.Security/alertsSuppressionRules", + "Microsoft.Security/autoDismissAlertsRules", + "Microsoft.Security/dataCollectionAgents", + "Microsoft.Security/pricings", + "Microsoft.Security/pricings/securityOperators", + "Microsoft.Security/AutoProvisioningSettings", + "Microsoft.Security/MdeOnboardings", + "Microsoft.Security/vmScanners", + "Microsoft.Security/Compliances", + "Microsoft.Security/securityContacts", + "Microsoft.Security/workspaceSettings", + "Microsoft.Security/complianceResults", + "Microsoft.Security/policies", + "Microsoft.Security/assessments", + "Microsoft.Security/governanceRules", + "Microsoft.Security/assessments/governanceAssignments", + "Microsoft.Security/assessmentMetadata", + "Microsoft.Security/subAssessments", + "Microsoft.Security/securitySolutions", + "Microsoft.Security/locations/securitySolutions", + "Microsoft.Security/discoveredSecuritySolutions", + "Microsoft.Security/locations/discoveredSecuritySolutions", + "Microsoft.Security/allowedConnections", + "Microsoft.Security/locations/allowedConnections", + "Microsoft.Security/topologies", + "Microsoft.Security/locations/topologies", + "Microsoft.Security/securitySolutionsReferenceData", + "Microsoft.Security/locations/securitySolutionsReferenceData", + "Microsoft.Security/jitPolicies", + "Microsoft.Security/jitNetworkAccessPolicies", + "Microsoft.Security/locations/jitNetworkAccessPolicies", + "Microsoft.Security/locations", + "Microsoft.Security/securityStatusesSummaries", + "Microsoft.Security/applicationWhitelistings", + "Microsoft.Security/locations/applicationWhitelistings", + "Microsoft.Security/locations/alerts", + "Microsoft.Security/locations/tasks", + "Microsoft.Security/externalSecuritySolutions", + 
"Microsoft.Security/locations/externalSecuritySolutions", + "Microsoft.Security/InformationProtectionPolicies", + "Microsoft.Security/advancedThreatProtectionSettings", + "Microsoft.Security/sqlVulnerabilityAssessments", + "Microsoft.Security/deviceSecurityGroups", + "Microsoft.Security/iotSecuritySolutions", + "Microsoft.Security/iotSecuritySolutions/analyticsModels", + "Microsoft.Security/iotSecuritySolutions/iotAlertTypes", + "Microsoft.Security/iotSecuritySolutions/iotAlerts", + "Microsoft.Security/iotSecuritySolutions/iotRecommendationTypes", + "Microsoft.Security/iotSecuritySolutions/iotRecommendations", + "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts", + "Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations", + "Microsoft.Security/settings", + "Microsoft.Security/serverVulnerabilityAssessments", + "Microsoft.Security/serverVulnerabilityAssessmentsSettings", + "Microsoft.Security/adaptiveNetworkHardenings", + "Microsoft.Security/automations", + "Microsoft.Security/defenderForStorageSettings", + "Microsoft.Security/dataScanners", + "Microsoft.Security/securityConnectors", + "Microsoft.Security/securityConnectors/devops", + "Microsoft.Security/customRecommendations", + "Microsoft.Security/customAssessmentAutomations", + "Microsoft.Security/securityStandards", + "Microsoft.Security/standards", + "Microsoft.Security/standardAssignments", + "Microsoft.Security/assignments", + "Microsoft.Security/sensitivitySettings", + "Microsoft.Security/query", + "Microsoft.Security/applications", + "Microsoft.Security/apiCollections", + "Microsoft.Security/healthReports", + "Microsoft.Security/aggregations", + "Microsoft.Security/integrations", + "Microsoft.PolicyInsights/policyEvents", + "Microsoft.PolicyInsights/policyStates", + "Microsoft.PolicyInsights/operations", + "Microsoft.PolicyInsights/asyncOperationResults", + "Microsoft.PolicyInsights/remediations", + "Microsoft.PolicyInsights/eventGridFilters", + 
"Microsoft.PolicyInsights/checkPolicyRestrictions", + "Microsoft.PolicyInsights/policyTrackedResources", + "Microsoft.PolicyInsights/policyMetadata", + "Microsoft.Management/resources", + "Microsoft.Management/managementGroups", + "Microsoft.Management/getEntities", + "Microsoft.Management/managementGroups/settings", + "Microsoft.Management/checkNameAvailability", + "Microsoft.Management/operationResults", + "Microsoft.Management/operationResults/asyncOperation", + "Microsoft.Management/operations", + "Microsoft.Management/tenantBackfillStatus", + "Microsoft.Management/startTenantBackfill", + "Microsoft.Storage/storageAccounts/storageTaskAssignments", + "Microsoft.Storage/storageAccounts/encryptionScopes", + "Microsoft.Storage/deletedAccounts", + "Microsoft.Storage/locations/deletedAccounts", + "Microsoft.Storage/storageAccounts", + "Microsoft.Storage/storageTasks", + "Microsoft.Storage/operations", + "Microsoft.Storage/locations/asyncoperations", + "Microsoft.Storage/storageAccounts/listAccountSas", + "Microsoft.Storage/storageAccounts/listServiceSas", + "Microsoft.Storage/storageAccounts/blobServices", + "Microsoft.Storage/storageAccounts/tableServices", + "Microsoft.Storage/storageAccounts/queueServices", + "Microsoft.Storage/storageAccounts/fileServices", + "Microsoft.Storage/locations", + "Microsoft.Storage/locations/usages", + "Microsoft.Storage/locations/deleteVirtualNetworkOrSubnets", + "Microsoft.Storage/usages", + "Microsoft.Storage/checkNameAvailability", + "Microsoft.Storage/locations/checkNameAvailability", + "Microsoft.Storage/storageAccounts/services", + "Microsoft.Storage/storageAccounts/services/metricDefinitions", + "Microsoft.Storage/locations/notifyNetworkSecurityPerimeterUpdatesAvailable", + "Microsoft.OperationalInsights/workspaces", + "Microsoft.OperationalInsights/querypacks", + "Microsoft.OperationalInsights/locations", + "Microsoft.OperationalInsights/locations/operationStatuses", + 
"Microsoft.OperationalInsights/workspaces/scopedPrivateLinkProxies", + "Microsoft.OperationalInsights/workspaces/api", + "Microsoft.OperationalInsights/workspaces/query", + "Microsoft.OperationalInsights/workspaces/metadata", + "Microsoft.OperationalInsights/workspaces/purge", + "Microsoft.OperationalInsights/workspaces/operations", + "Microsoft.OperationalInsights/workspaces/dataSources", + "Microsoft.OperationalInsights/workspaces/linkedStorageAccounts", + "Microsoft.OperationalInsights/workspaces/tables", + "Microsoft.OperationalInsights/workspaces/storageInsightConfigs", + "Microsoft.OperationalInsights/storageInsightConfigs", + "Microsoft.OperationalInsights/workspaces/linkedServices", + "Microsoft.OperationalInsights/linkTargets", + "Microsoft.OperationalInsights/deletedWorkspaces", + "Microsoft.OperationalInsights/operations", + "Microsoft.OperationalInsights/clusters", + "Microsoft.OperationalInsights/workspaces/dataExports", + "Microsoft.OperationalInsights/locations/notifyNetworkSecurityPerimeterUpdatesAvailable", + "Microsoft.Automation/automationAccounts", + "Microsoft.Automation/deletedAutomationAccounts", + "Microsoft.Automation/automationAccounts/runbooks", + "Microsoft.Automation/automationAccounts/configurations", + "Microsoft.Automation/automationAccounts/webhooks", + "Microsoft.Automation/operations", + "Microsoft.Automation/automationAccounts/softwareUpdateConfigurations", + "Microsoft.Automation/automationAccounts/softwareUpdateConfigurationRuns", + "Microsoft.Automation/automationAccounts/softwareUpdateConfigurationMachineRuns", + "Microsoft.Automation/automationAccounts/jobs", + "Microsoft.Automation/automationAccounts/privateLinkResources", + "Microsoft.Automation/automationAccounts/privateEndpointConnections", + "Microsoft.Automation/automationAccounts/privateEndpointConnectionProxies", + "Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups", + 
"Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers", + "Microsoft.Automation/automationAccounts/agentRegistrationInformation", + "Microsoft.Network/virtualNetworkGateways", + "Microsoft.Network/localNetworkGateways", + "Microsoft.Network/connections", + "Microsoft.Network/applicationGateways", + "Microsoft.Network/expressRouteCircuits", + "Microsoft.Network/expressRouteServiceProviders", + "Microsoft.Network/applicationGatewayAvailableWafRuleSets", + "Microsoft.Network/applicationGatewayAvailableSslOptions", + "Microsoft.Network/applicationGatewayAvailableServerVariables", + "Microsoft.Network/applicationGatewayAvailableRequestHeaders", + "Microsoft.Network/applicationGatewayAvailableResponseHeaders", + "Microsoft.Network/routeFilters", + "Microsoft.Network/bgpServiceCommunities", + "Microsoft.Network/vpnSites", + "Microsoft.Network/vpnServerConfigurations", + "Microsoft.Network/virtualHubs", + "Microsoft.Network/vpnGateways", + "Microsoft.Network/p2sVpnGateways", + "Microsoft.Network/expressRouteGateways", + "Microsoft.Network/expressRoutePortsLocations", + "Microsoft.Network/expressRoutePorts", + "Microsoft.Network/securityPartnerProviders", + "Microsoft.Network/azureFirewalls", + "Microsoft.Network/azureFirewallFqdnTags", + "Microsoft.Network/applicationGatewayWebApplicationFirewallPolicies", + "Microsoft.Network/locations/ApplicationGatewayWafDynamicManifests", + "Microsoft.Network/virtualWans", + "Microsoft.Network/bastionHosts", + "Microsoft.Network/queryExpressRoutePortsBandwidth", + "Microsoft.Network/trafficmanagerprofiles", + "Microsoft.Network/trafficmanagerprofiles/heatMaps", + "Microsoft.Network/trafficmanagerprofiles/azureendpoints", + "Microsoft.Network/trafficmanagerprofiles/externalendpoints", + "Microsoft.Network/trafficmanagerprofiles/nestedendpoints", + "Microsoft.Network/checkTrafficManagerNameAvailability", + "Microsoft.Network/checkTrafficManagerNameAvailabilityV2", + 
"Microsoft.Network/trafficManagerUserMetricsKeys", + "Microsoft.Network/trafficManagerGeographicHierarchies", + "Microsoft.Network/expressRouteProviderPorts", + "Microsoft.Network/locations/hybridEdgeZone", + "Microsoft.Network/firewallPolicies", + "Microsoft.Network/ipGroups", + "Microsoft.Network/azureWebCategories", + "Microsoft.Network/locations/nfvOperations", + "Microsoft.Network/locations/nfvOperationResults", + "Microsoft.Network/virtualRouters", + "Microsoft.Network/networkVirtualAppliances", + "Microsoft.Network/networkVirtualApplianceSkus", + "Microsoft.Network/frontdoorOperationResults", + "Microsoft.Network/checkFrontdoorNameAvailability", + "Microsoft.Network/frontdoors", + "Microsoft.Network/frontdoors/frontendEndpoints", + "Microsoft.Network/frontdoors/frontendEndpoints/customHttpsConfiguration", + "Microsoft.Network/frontdoorWebApplicationFirewallPolicies", + "Microsoft.Network/frontdoorWebApplicationFirewallManagedRuleSets", + "Microsoft.Network/networkExperimentProfiles", + "Microsoft.Network/networkManagers", + "Microsoft.Network/networkManagerConnections", + "Microsoft.Network/networkSecurityPerimeters", + "Microsoft.Network/locations/perimeterAssociableResourceTypes", + "Microsoft.Network/locations/queryNetworkSecurityPerimeter", + "Microsoft.Network/virtualNetworks/listNetworkManagerEffectiveConnectivityConfigurations", + "Microsoft.Network/virtualNetworks/listNetworkManagerEffectiveSecurityAdminRules", + "Microsoft.Network/networkGroupMemberships", + "Microsoft.Network/locations/commitInternalAzureNetworkManagerConfiguration", + "Microsoft.Network/locations/internalAzureVirtualNetworkManagerOperation", + "Microsoft.Network/privateDnsZones", + "Microsoft.Network/privateDnsZones/virtualNetworkLinks", + "Microsoft.Network/privateDnsOperationResults", + "Microsoft.Network/privateDnsOperationStatuses", + "Microsoft.Network/privateDnsZonesInternal", + "Microsoft.Network/privateDnsZones/A", + "Microsoft.Network/privateDnsZones/AAAA", + 
"Microsoft.Network/privateDnsZones/CNAME", + "Microsoft.Network/privateDnsZones/PTR", + "Microsoft.Network/privateDnsZones/MX", + "Microsoft.Network/privateDnsZones/TXT", + "Microsoft.Network/privateDnsZones/SRV", + "Microsoft.Network/privateDnsZones/SOA", + "Microsoft.Network/privateDnsZones/all", + "Microsoft.Network/virtualNetworks/privateDnsZoneLinks", + "Microsoft.Network/dnsResolvers", + "Microsoft.Network/dnsResolvers/inboundEndpoints", + "Microsoft.Network/dnsResolvers/outboundEndpoints", + "Microsoft.Network/dnsForwardingRulesets", + "Microsoft.Network/dnsForwardingRulesets/forwardingRules", + "Microsoft.Network/dnsForwardingRulesets/virtualNetworkLinks", + "Microsoft.Network/virtualNetworks/listDnsResolvers", + "Microsoft.Network/virtualNetworks/listDnsForwardingRulesets", + "Microsoft.Network/locations/dnsResolverOperationResults", + "Microsoft.Network/locations/dnsResolverOperationStatuses", + "Microsoft.Network/locations/dnsResolverPolicyOperationResults", + "Microsoft.Network/locations/dnsResolverPolicyOperationStatuses", + "Microsoft.Network/dnszones", + "Microsoft.Network/dnsOperationResults", + "Microsoft.Network/dnsOperationStatuses", + "Microsoft.Network/getDnsResourceReference", + "Microsoft.Network/internalNotify", + "Microsoft.Network/dnszones/A", + "Microsoft.Network/dnszones/AAAA", + "Microsoft.Network/dnszones/CNAME", + "Microsoft.Network/dnszones/PTR", + "Microsoft.Network/dnszones/MX", + "Microsoft.Network/dnszones/TXT", + "Microsoft.Network/dnszones/SRV", + "Microsoft.Network/dnszones/SOA", + "Microsoft.Network/dnszones/NS", + "Microsoft.Network/dnszones/CAA", + "Microsoft.Network/dnszones/DS", + "Microsoft.Network/dnszones/TLSA", + "Microsoft.Network/dnszones/NAPTR", + "Microsoft.Network/dnszones/recordsets", + "Microsoft.Network/dnszones/all", + "Microsoft.Network/dnszones/dnssecConfigs", + "Microsoft.Network/virtualNetworks", + "Microsoft.Network/virtualNetworks/taggedTrafficConsumers", + "Microsoft.Network/natGateways", + 
"Microsoft.Network/publicIPAddresses", + "Microsoft.Network/internalPublicIpAddresses", + "Microsoft.Network/customIpPrefixes", + "Microsoft.Network/networkInterfaces", + "Microsoft.Network/dscpConfigurations", + "Microsoft.Network/privateEndpoints", + "Microsoft.Network/privateEndpoints/privateLinkServiceProxies", + "Microsoft.Network/privateEndpointRedirectMaps", + "Microsoft.Network/loadBalancers", + "Microsoft.Network/networkSecurityGroups", + "Microsoft.Network/applicationSecurityGroups", + "Microsoft.Network/serviceEndpointPolicies", + "Microsoft.Network/networkIntentPolicies", + "Microsoft.Network/routeTables", + "Microsoft.Network/publicIPPrefixes", + "Microsoft.Network/networkWatchers", + "Microsoft.Network/networkWatchers/connectionMonitors", + "Microsoft.Network/networkWatchers/flowLogs", + "Microsoft.Network/networkWatchers/pingMeshes", + "Microsoft.Network/locations", + "Microsoft.Network/locations/operations", + "Microsoft.Network/locations/operationResults", + "Microsoft.Network/locations/CheckDnsNameAvailability", + "Microsoft.Network/locations/setLoadBalancerFrontendPublicIpAddresses", + "Microsoft.Network/cloudServiceSlots", + "Microsoft.Network/locations/usages", + "Microsoft.Network/locations/virtualNetworkAvailableEndpointServices", + "Microsoft.Network/locations/availableDelegations", + "Microsoft.Network/locations/serviceTags", + "Microsoft.Network/locations/availablePrivateEndpointTypes", + "Microsoft.Network/locations/availableServiceAliases", + "Microsoft.Network/locations/checkPrivateLinkServiceVisibility", + "Microsoft.Network/locations/autoApprovedPrivateLinkServices", + "Microsoft.Network/locations/batchValidatePrivateEndpointsForResourceMove", + "Microsoft.Network/locations/batchNotifyPrivateEndpointsForResourceMove", + "Microsoft.Network/locations/supportedVirtualMachineSizes", + "Microsoft.Network/locations/setAzureNetworkManagerConfiguration", + "Microsoft.Network/locations/publishResources", + 
"Microsoft.Network/locations/getAzureNetworkManagerConfiguration", + "Microsoft.Network/locations/checkAcceleratedNetworkingSupport", + "Microsoft.Network/locations/validateResourceOwnership", + "Microsoft.Network/locations/setResourceOwnership", + "Microsoft.Network/locations/effectiveResourceOwnership", + "Microsoft.Network/operations", + "Microsoft.Network/virtualNetworkTaps", + "Microsoft.Network/privateLinkServices", + "Microsoft.Network/locations/privateLinkServices", + "Microsoft.Network/ddosProtectionPlans", + "Microsoft.Network/networkProfiles", + "Microsoft.Network/locations/bareMetalTenants", + "Microsoft.Network/ipAllocations", + "Microsoft.Network/locations/serviceTagDetails", + "Microsoft.Network/locations/dataTasks", + "Microsoft.Network/locations/startPacketTagging", + "Microsoft.Network/locations/deletePacketTagging", + "Microsoft.Network/locations/getPacketTagging", + "Microsoft.Network/locations/rnmEffectiveRouteTable", + "Microsoft.Network/locations/rnmEffectiveNetworkSecurityGroups", + "Microsoft.Compute/availabilitySets", + "Microsoft.Compute/virtualMachines", + "Microsoft.Compute/virtualMachines/extensions", + "Microsoft.Compute/virtualMachineScaleSets", + "Microsoft.Compute/virtualMachineScaleSets/extensions", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/extensions", + "Microsoft.Compute/virtualMachineScaleSets/networkInterfaces", + "Microsoft.Compute/virtualMachineScaleSets/virtualMachines/networkInterfaces", + "Microsoft.Compute/virtualMachineScaleSets/publicIPAddresses", + "Microsoft.Compute/locations", + "Microsoft.Compute/locations/operations", + "Microsoft.Compute/locations/vmSizes", + "Microsoft.Compute/locations/runCommands", + "Microsoft.Compute/locations/virtualMachines", + "Microsoft.Compute/locations/virtualMachineScaleSets", + "Microsoft.Compute/locations/publishers", + "Microsoft.Compute/operations", + "Microsoft.Compute/virtualMachines/runCommands", 
+ "Microsoft.Compute/virtualMachineScaleSets/applications", + "Microsoft.Compute/virtualMachines/VMApplications", + "Microsoft.Compute/locations/edgeZones", + "Microsoft.Compute/locations/edgeZones/vmimages", + "Microsoft.Compute/locations/edgeZones/publishers", + "Microsoft.Compute/restorePointCollections", + "Microsoft.Compute/restorePointCollections/restorePoints", + "Microsoft.Compute/proximityPlacementGroups", + "Microsoft.Compute/sshPublicKeys", + "Microsoft.Compute/capacityReservationGroups", + "Microsoft.Compute/capacityReservationGroups/capacityReservations", + "Microsoft.Compute/virtualMachines/metricDefinitions", + "Microsoft.Compute/locations/spotEvictionRates", + "Microsoft.Compute/locations/spotPriceHistory", + "Microsoft.Compute/locations/recommendations", + "Microsoft.Compute/locations/sharedGalleries", + "Microsoft.Compute/locations/communityGalleries", + "Microsoft.Compute/sharedVMImages", + "Microsoft.Compute/sharedVMImages/versions", + "Microsoft.Compute/locations/artifactPublishers", + "Microsoft.Compute/locations/capsoperations", + "Microsoft.Compute/galleries", + "Microsoft.Compute/galleries/images", + "Microsoft.Compute/galleries/images/versions", + "Microsoft.Compute/locations/galleries", + "Microsoft.Compute/payloadGroups", + "Microsoft.Compute/galleries/applications", + "Microsoft.Compute/galleries/applications/versions", + "Microsoft.Compute/disks", + "Microsoft.Compute/snapshots", + "Microsoft.Compute/locations/diskoperations", + "Microsoft.Compute/diskEncryptionSets", + "Microsoft.Compute/diskAccesses", + "Microsoft.Compute/restorePointCollections/restorePoints/diskRestorePoints", + "Microsoft.Compute/virtualMachineScaleSets/disks", + "Microsoft.Compute/cloudServices", + "Microsoft.Compute/cloudServices/roles", + "Microsoft.Compute/cloudServices/roleInstances", + "Microsoft.Compute/locations/csoperations", + "Microsoft.Compute/locations/cloudServiceOsVersions", + "Microsoft.Compute/locations/cloudServiceOsFamilies", + 
"Microsoft.Compute/cloudServices/networkInterfaces", + "Microsoft.Compute/cloudServices/roleInstances/networkInterfaces", + "Microsoft.Compute/cloudServices/publicIPAddresses", + "Microsoft.Compute/locations/usages", + "Microsoft.Compute/images", + "Microsoft.Compute/locations/diagnostics", + "Microsoft.Compute/locations/diagnosticOperations", + "Microsoft.Compute/locations/logAnalytics", + "Microsoft.Compute/hostGroups", + "Microsoft.Compute/hostGroups/hosts", + "Microsoft.ResourceHealth/availabilityStatuses", + "Microsoft.ResourceHealth/childAvailabilityStatuses", + "Microsoft.ResourceHealth/childResources", + "Microsoft.ResourceHealth/events", + "Microsoft.ResourceHealth/metadata", + "Microsoft.ResourceHealth/emergingissues", + "Microsoft.ResourceHealth/operations", + "microsoft.insights/components", + "microsoft.insights/components/query", + "microsoft.insights/components/metadata", + "microsoft.insights/components/metrics", + "microsoft.insights/components/events", + "microsoft.insights/components/syntheticmonitorlocations", + "microsoft.insights/components/analyticsItems", + "microsoft.insights/components/webtests", + "microsoft.insights/components/workItemConfigs", + "microsoft.insights/components/myFavorites", + "microsoft.insights/components/operations", + "microsoft.insights/components/exportConfiguration", + "microsoft.insights/components/purge", + "microsoft.insights/components/api", + "microsoft.insights/components/aggregate", + "microsoft.insights/components/metricDefinitions", + "microsoft.insights/components/extendQueries", + "microsoft.insights/components/apiKeys", + "microsoft.insights/components/myAnalyticsItems", + "microsoft.insights/components/favorites", + "microsoft.insights/components/defaultWorkItemConfig", + "microsoft.insights/components/annotations", + "microsoft.insights/components/proactiveDetectionConfigs", + "microsoft.insights/components/move", + "microsoft.insights/components/currentBillingFeatures", + 
"microsoft.insights/components/quotaStatus",
+ "microsoft.insights/components/featureCapabilities",
+ "microsoft.insights/components/getAvailableBillingFeatures",
+ "microsoft.insights/webtests",
+ "microsoft.insights/webtests/getTestResultFile",
+ "microsoft.insights/scheduledqueryrules",
+ "microsoft.insights/components/pricingPlans",
+ "microsoft.insights/migrateToNewPricingModel",
+ "microsoft.insights/rollbackToLegacyPricingModel",
+ "microsoft.insights/listMigrationdate",
+ "microsoft.insights/logprofiles",
+ "microsoft.insights/migratealertrules",
+ "microsoft.insights/metricalerts",
+ "microsoft.insights/alertrules",
+ "microsoft.insights/autoscalesettings",
+ "microsoft.insights/eventtypes",
+ "microsoft.insights/locations",
+ "microsoft.insights/locations/operationResults",
+ "microsoft.insights/vmInsightsOnboardingStatuses",
+ "microsoft.insights/operations",
+ "microsoft.insights/diagnosticSettings",
+ "microsoft.insights/diagnosticSettingsCategories",
+ "microsoft.insights/extendedDiagnosticSettings",
+ "microsoft.insights/metricDefinitions",
+ "microsoft.insights/logDefinitions",
+ "microsoft.insights/eventCategories",
+ "microsoft.insights/metrics",
+ "microsoft.insights/metricbatch",
+ "microsoft.insights/metricNamespaces",
+ "microsoft.insights/notificationstatus",
+ "microsoft.insights/createnotifications",
+ "microsoft.insights/tenantactiongroups",
+ "microsoft.insights/actiongroups",
+ "microsoft.insights/activityLogAlerts",
+ "microsoft.insights/metricbaselines",
+ "microsoft.insights/workbooks",
+ "microsoft.insights/workbooktemplates",
+ "microsoft.insights/myWorkbooks",
+ "microsoft.insights/logs",
+ "microsoft.insights/transactions",
+ "microsoft.insights/topology",
+ "microsoft.insights/generateLiveToken",
+ "microsoft.insights/monitoredObjects",
+ "microsoft.insights/dataCollectionRules",
+ "microsoft.insights/dataCollectionRuleAssociations",
+ "microsoft.insights/dataCollectionEndpoints",
+ "microsoft.insights/dataCollectionEndpoints/scopedPrivateLinkProxies",
+ "microsoft.insights/privateLinkScopes",
+ "microsoft.insights/privateLinkScopes/privateEndpointConnections",
+ "microsoft.insights/privateLinkScopes/privateEndpointConnectionProxies",
+ "microsoft.insights/privateLinkScopes/scopedResources",
+ "microsoft.insights/components/linkedstorageaccounts",
+ "microsoft.insights/privateLinkScopeOperationStatuses",
+ "microsoft.insights/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+ "Microsoft.ManagedServices/registrationDefinitions",
+ "Microsoft.ManagedServices/registrationAssignments",
+ "Microsoft.ManagedServices/operations",
+ "Microsoft.ManagedServices/marketplaceRegistrationDefinitions",
+ "Microsoft.ManagedServices/operationStatuses",
+ "Microsoft.HDInsight/clusters",
+ "Microsoft.HDInsight/clusters/applications",
+ "Microsoft.HDInsight/clusters/operationresults",
+ "Microsoft.HDInsight/locations",
+ "Microsoft.HDInsight/locations/capabilities",
+ "Microsoft.HDInsight/locations/usages",
+ "Microsoft.HDInsight/locations/billingSpecs",
+ "Microsoft.HDInsight/locations/operationresults",
+ "Microsoft.HDInsight/locations/azureasyncoperations",
+ "Microsoft.HDInsight/locations/validateCreateRequest",
+ "Microsoft.HDInsight/operations",
+ "Microsoft.HDInsight/locations/operationStatuses",
+ "Microsoft.HDInsight/clusterPools",
+ "Microsoft.HDInsight/clusterPools/clusters",
+ "Microsoft.HDInsight/locations/clusterOfferingVersions",
+ "Microsoft.HDInsight/locations/availableClusterPoolVersions",
+ "Microsoft.HDInsight/locations/availableClusterVersions",
+ "Microsoft.HDInsight/locations/checkNameAvailability",
+ "Microsoft.HDInsight/clusterPools/clusters/serviceConfigs",
+ "Microsoft.HDInsight/clusterPools/clusters/instanceViews",
+ "Microsoft.HDInsight/clusterPools/clusters/jobs",
+ "Microsoft.AlertsManagement/alerts",
+ "Microsoft.AlertsManagement/alertsSummary",
+ "Microsoft.AlertsManagement/smartGroups",
+ "Microsoft.AlertsManagement/smartDetectorAlertRules",
+ "Microsoft.AlertsManagement/migrateFromSmartDetection",
+ "Microsoft.AlertsManagement/actionRules",
+ "Microsoft.AlertsManagement/alertsMetaData",
+ "Microsoft.AlertsManagement/prometheusRuleGroups",
+ "Microsoft.AlertsManagement/operations",
+ "Microsoft.AlertsManagement/alertRuleRecommendations",
+ "Microsoft.AlertsManagement/tenantActivityLogAlerts",
+ "Microsoft.AlertsManagement/investigations",
+ "Microsoft.OperationsManagement/solutions",
+ "Microsoft.OperationsManagement/managementassociations",
+ "Microsoft.OperationsManagement/views",
+ "Microsoft.OperationsManagement/operations",
+ "Microsoft.KeyVault/vaults",
+ "Microsoft.KeyVault/vaults/secrets",
+ "Microsoft.KeyVault/vaults/accessPolicies",
+ "Microsoft.KeyVault/operations",
+ "Microsoft.KeyVault/checkNameAvailability",
+ "Microsoft.KeyVault/deletedVaults",
+ "Microsoft.KeyVault/locations",
+ "Microsoft.KeyVault/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+ "Microsoft.KeyVault/locations/deletedVaults",
+ "Microsoft.KeyVault/locations/deleteVirtualNetworkOrSubnets",
+ "Microsoft.KeyVault/locations/operationResults",
+ "Microsoft.KeyVault/vaults/eventGridFilters",
+ "Microsoft.KeyVault/managedHSMs",
+ "Microsoft.KeyVault/deletedManagedHSMs",
+ "Microsoft.KeyVault/locations/deletedManagedHSMs",
+ "Microsoft.KeyVault/locations/managedHsmOperationResults",
+ "Microsoft.KeyVault/managedHSMs/keys",
+ "Microsoft.KeyVault/managedHSMs/keys/versions",
+ "Microsoft.KeyVault/checkMhsmNameAvailability",
+ "Microsoft.KeyVault/vaults/keys",
+ "Microsoft.KeyVault/vaults/keys/versions",
+ "Microsoft.ContainerService/ManagedClusters/eventGridFilters",
+ "Microsoft.ContainerService/fleetMemberships",
+ "Microsoft.ContainerService/fleets",
+ "Microsoft.ContainerService/fleets/members",
+ "Microsoft.ContainerService/fleets/updateRuns",
+ "Microsoft.ContainerService/fleets/updateStrategies",
+ "Microsoft.ContainerService/locations",
+ "Microsoft.ContainerService/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+ "Microsoft.ContainerService/locations/operationresults",
+ "Microsoft.ContainerService/locations/operations",
+ "Microsoft.ContainerService/locations/orchestrators",
+ "Microsoft.ContainerService/locations/kubernetesVersions",
+ "Microsoft.ContainerService/locations/usages",
+ "Microsoft.ContainerService/locations/osOptions",
+ "Microsoft.ContainerService/locations/guardrailsVersions",
+ "Microsoft.ContainerService/locations/trustedAccessRoles",
+ "Microsoft.ContainerService/managedClusters",
+ "Microsoft.ContainerService/managedclustersnapshots",
+ "Microsoft.ContainerService/operations",
+ "Microsoft.ContainerService/snapshots",
+ "Microsoft.DesktopVirtualization/workspaces",
+ "Microsoft.DesktopVirtualization/applicationgroups",
+ "Microsoft.DesktopVirtualization/applicationgroups/applications",
+ "Microsoft.DesktopVirtualization/applicationgroups/desktops",
+ "Microsoft.DesktopVirtualization/applicationgroups/startmenuitems",
+ "Microsoft.DesktopVirtualization/hostpools",
+ "Microsoft.DesktopVirtualization/hostpools/msixpackages",
+ "Microsoft.DesktopVirtualization/hostpools/sessionhosts",
+ "Microsoft.DesktopVirtualization/hostpools/sessionhosts/usersessions",
+ "Microsoft.DesktopVirtualization/hostpools/usersessions",
+ "Microsoft.DesktopVirtualization/scalingplans",
+ "Microsoft.DesktopVirtualization/appattachpackages",
+ "Microsoft.DesktopVirtualization/operations",
+ "Microsoft.SecurityInsights/operations",
+ "Microsoft.SecurityInsights/alertRules",
+ "Microsoft.SecurityInsights/alertRuleTemplates",
+ "Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns",
+ "Microsoft.SecurityInsights/cases",
+ "Microsoft.SecurityInsights/bookmarks",
+ "Microsoft.SecurityInsights/dataConnectors",
+ "Microsoft.SecurityInsights/dataConnectorDefinitions",
+ "Microsoft.SecurityInsights/dataConnectorsCheckRequirements",
+ "Microsoft.SecurityInsights/enrichment",
+ "Microsoft.SecurityInsights/fileImports",
+ "Microsoft.SecurityInsights/entities",
+ "Microsoft.SecurityInsights/incidents",
+ "Microsoft.SecurityInsights/officeConsents",
+ "Microsoft.SecurityInsights/settings",
+ "Microsoft.SecurityInsights/aggregations",
+ "Microsoft.SecurityInsights/entityQueries",
+ "Microsoft.SecurityInsights/entityQueryTemplates",
+ "Microsoft.SecurityInsights/threatIntelligence",
+ "Microsoft.SecurityInsights/automationRules",
+ "Microsoft.SecurityInsights/sourceControls",
+ "Microsoft.SecurityInsights/exportConnections",
+ "Microsoft.SecurityInsights/listrepositories",
+ "Microsoft.SecurityInsights/watchlists",
+ "Microsoft.SecurityInsights/confidentialWatchlists",
+ "Microsoft.SecurityInsights/huntsessions",
+ "Microsoft.SecurityInsights/dynamicSummaries",
+ "Microsoft.SecurityInsights/hunts",
+ "Microsoft.SecurityInsights/onboardingStates",
+ "Microsoft.SecurityInsights/metadata",
+ "Microsoft.SecurityInsights/contentPackages",
+ "Microsoft.SecurityInsights/contentTemplates",
+ "Microsoft.SecurityInsights/contentProductPackages",
+ "Microsoft.SecurityInsights/contentProductTemplates",
+ "Microsoft.SecurityInsights/MitreCoverageRecords",
+ "Microsoft.SecurityInsights/overview",
+ "Microsoft.SecurityInsights/recommendations",
+ "Microsoft.SecurityInsights/billingStatistics",
+ "Microsoft.SecurityInsights/workspaceManagerConfigurations",
+ "Microsoft.SecurityInsights/workspaceManagerMembers",
+ "Microsoft.SecurityInsights/workspaceManagerGroups",
+ "Microsoft.SecurityInsights/workspaceManagerAssignments",
+ "Microsoft.SecurityInsights/securityMLAnalyticsSettings",
+ "Microsoft.SecurityInsights/contenttranslators",
+ "Microsoft.ServiceFabric/clusters",
+ "Microsoft.ServiceFabric/clusters/applications",
+ "Microsoft.ServiceFabric/clusters/applicationTypes",
+ "Microsoft.ServiceFabric/clusters/applicationTypes/versions",
+ "Microsoft.ServiceFabric/clusters/applications/services",
+ "Microsoft.ServiceFabric/locations",
+ "Microsoft.ServiceFabric/locations/clusterVersions",
+ "Microsoft.ServiceFabric/locations/environments",
+ "Microsoft.ServiceFabric/locations/operations",
+ "Microsoft.ServiceFabric/locations/operationResults",
+ "Microsoft.ServiceFabric/locations/unsupportedVMSizes",
+ "Microsoft.ServiceFabric/operations",
+ "Microsoft.ServiceFabric/managedclusters",
+ "Microsoft.ServiceFabric/managedclusters/nodetypes",
+ "Microsoft.ServiceFabric/managedclusters/applicationTypes",
+ "Microsoft.ServiceFabric/managedclusters/applicationTypes/versions",
+ "Microsoft.ServiceFabric/managedclusters/applications",
+ "Microsoft.ServiceFabric/managedclusters/applications/services",
+ "Microsoft.ServiceFabric/locations/managedClusterOperations",
+ "Microsoft.ServiceFabric/locations/managedClusterOperationResults",
+ "Microsoft.ServiceFabric/locations/managedClusterVersions",
+ "Microsoft.ServiceFabric/locations/environments/managedClusterVersions",
+ "Microsoft.ServiceFabric/locations/managedUnsupportedVMSizes",
+ "Microsoft.PowerBIDedicated/capacities",
+ "Microsoft.PowerBIDedicated/autoScaleVCores",
+ "Microsoft.PowerBIDedicated/locations",
+ "Microsoft.PowerBIDedicated/locations/checkNameAvailability",
+ "Microsoft.PowerBIDedicated/locations/operationresults",
+ "Microsoft.PowerBIDedicated/locations/operationstatuses",
+ "Microsoft.PowerBIDedicated/operations",
+ "Microsoft.Logic/workflows",
+ "Microsoft.Logic/locations/workflows",
+ "Microsoft.Logic/locations/validateWorkflowExport",
+ "Microsoft.Logic/locations/workflowExport",
+ "Microsoft.Logic/locations",
+ "Microsoft.Logic/operations",
+ "Microsoft.Logic/integrationAccounts",
+ "Microsoft.Logic/integrationServiceEnvironments",
+ "Microsoft.Logic/integrationServiceEnvironments/managedApis",
+ "Microsoft.Logic/locations/generateCopilotResponse",
+ "Microsoft.MachineLearningServices/workspaces/batchEndpoints",
+ "Microsoft.MachineLearningServices/workspaces/batchEndpoints/deployments",
+ "Microsoft.MachineLearningServices/workspaces",
+ "Microsoft.MachineLearningServices/registries",
+ "Microsoft.MachineLearningServices/locations/registryOperationsStatus",
+ "Microsoft.MachineLearningServices/workspaces/onlineEndpoints",
+ "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments",
+ "Microsoft.MachineLearningServices/workspaces/onlineEndpoints/deployments/skus",
+ "Microsoft.MachineLearningServices/workspaces/computes",
+ "Microsoft.MachineLearningServices/workspaces/jobs",
+ "Microsoft.MachineLearningServices/workspaces/codes",
+ "Microsoft.MachineLearningServices/workspaces/codes/versions",
+ "Microsoft.MachineLearningServices/workspaces/components",
+ "Microsoft.MachineLearningServices/workspaces/components/versions",
+ "Microsoft.MachineLearningServices/workspaces/environments",
+ "Microsoft.MachineLearningServices/workspaces/environments/versions",
+ "Microsoft.MachineLearningServices/workspaces/data",
+ "Microsoft.MachineLearningServices/workspaces/data/versions",
+ "Microsoft.MachineLearningServices/workspaces/datasets",
+ "Microsoft.MachineLearningServices/workspaces/services",
+ "Microsoft.MachineLearningServices/workspaces/datastores",
+ "Microsoft.MachineLearningServices/workspaces/eventGridFilters",
+ "Microsoft.MachineLearningServices/workspaces/models",
+ "Microsoft.MachineLearningServices/workspaces/models/versions",
+ "Microsoft.MachineLearningServices/operations",
+ "Microsoft.MachineLearningServices/locations",
+ "Microsoft.MachineLearningServices/locations/computeOperationsStatus",
+ "Microsoft.MachineLearningServices/locations/mfeOperationResults",
+ "Microsoft.MachineLearningServices/locations/mfeOperationsStatus",
+ "Microsoft.MachineLearningServices/locations/workspaceOperationsStatus",
+ "Microsoft.MachineLearningServices/locations/usages",
+ "Microsoft.MachineLearningServices/locations/vmsizes",
+ "Microsoft.MachineLearningServices/locations/quotas",
+ "Microsoft.MachineLearningServices/locations/updatequotas",
+ "Microsoft.MachineLearningServices/workspaces/linkedServices",
+ "Microsoft.MachineLearningServices/workspaces/labelingJobs",
+ "Microsoft.MachineLearningServices/workspaces/schedules",
+ "Microsoft.MachineLearningServices/workspaces/featuresets",
+ "Microsoft.MachineLearningServices/workspaces/serverlessEndpoints",
+ "Microsoft.MachineLearningServices/workspaces/marketplaceSubscriptions",
+ "Microsoft.MachineLearningServices/workspaces/inferencePools",
+ "Microsoft.MachineLearningServices/workspaces/inferencePools/groups",
+ "Microsoft.MachineLearningServices/workspaces/inferencePools/endpoints",
+ "Microsoft.MachineLearningServices/workspaces/featuresets/versions",
+ "Microsoft.MachineLearningServices/workspaces/featurestoreEntities",
+ "Microsoft.MachineLearningServices/workspaces/featurestoreEntities/versions",
+ "Microsoft.MachineLearningServices/workspaces/endpoints",
+ "Microsoft.MachineLearningServices/registries/codes",
+ "Microsoft.MachineLearningServices/registries/codes/versions",
+ "Microsoft.MachineLearningServices/registries/components",
+ "Microsoft.MachineLearningServices/registries/components/versions",
+ "Microsoft.MachineLearningServices/registries/data",
+ "Microsoft.MachineLearningServices/registries/data/versions",
+ "Microsoft.MachineLearningServices/registries/datareferences",
+ "Microsoft.MachineLearningServices/registries/datareferences/versions",
+ "Microsoft.MachineLearningServices/registries/environments",
+ "Microsoft.MachineLearningServices/registries/environments/versions",
+ "Microsoft.MachineLearningServices/registries/models",
+ "Microsoft.MachineLearningServices/registries/models/versions",
+ "Microsoft.MachineLearningServices/capacityReservationGroups",
+ "Microsoft.ContainerInstance/containerGroups",
+ "Microsoft.ContainerInstance/serviceAssociationLinks",
+ "Microsoft.ContainerInstance/locations",
+ "Microsoft.ContainerInstance/locations/capabilities",
+ "Microsoft.ContainerInstance/locations/usages",
+ "Microsoft.ContainerInstance/locations/operations",
+ "Microsoft.ContainerInstance/locations/operationresults",
+ "Microsoft.ContainerInstance/operations",
+ "Microsoft.ContainerInstance/locations/cachedImages",
+ "Microsoft.ContainerInstance/locations/validateDeleteVirtualNetworkOrSubnets",
+ "Microsoft.ContainerInstance/locations/deleteVirtualNetworkOrSubnets",
+ "Microsoft.ManagedIdentity/Identities",
+ "Microsoft.ManagedIdentity/userAssignedIdentities",
+ "Microsoft.ManagedIdentity/operations",
+ "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials",
+ "Microsoft.Cdn/profiles",
+ "Microsoft.Cdn/profiles/endpoints",
+ "Microsoft.Cdn/profiles/endpoints/origins",
+ "Microsoft.Cdn/profiles/endpoints/origingroups",
+ "Microsoft.Cdn/profiles/endpoints/customdomains",
+ "Microsoft.Cdn/operationresults",
+ "Microsoft.Cdn/operationresults/profileresults",
+ "Microsoft.Cdn/operationresults/profileresults/endpointresults",
+ "Microsoft.Cdn/operationresults/profileresults/endpointresults/originresults",
+ "Microsoft.Cdn/operationresults/profileresults/endpointresults/origingroupresults",
+ "Microsoft.Cdn/operationresults/profileresults/endpointresults/customdomainresults",
+ "Microsoft.Cdn/checkNameAvailability",
+ "Microsoft.Cdn/checkEndpointNameAvailability",
+ "Microsoft.Cdn/checkResourceUsage",
+ "Microsoft.Cdn/validateProbe",
+ "Microsoft.Cdn/canMigrate",
+ "Microsoft.Cdn/migrate",
+ "Microsoft.Cdn/operations",
+ "Microsoft.Cdn/edgenodes",
+ "Microsoft.Cdn/CdnWebApplicationFirewallPolicies",
+ "Microsoft.Cdn/operationresults/cdnwebapplicationfirewallpolicyresults",
+ "Microsoft.Cdn/CdnWebApplicationFirewallManagedRuleSets",
+ "Microsoft.Cdn/profiles/afdendpoints",
+ "Microsoft.Cdn/profiles/afdendpoints/routes",
+ "Microsoft.Cdn/profiles/customdomains",
+ "Microsoft.Cdn/profiles/origingroups",
+ "Microsoft.Cdn/profiles/origingroups/origins",
+ "Microsoft.Cdn/profiles/rulesets",
+ "Microsoft.Cdn/profiles/rulesets/rules",
+ "Microsoft.Cdn/profiles/secrets",
+ "Microsoft.Cdn/validateSecret",
+ "Microsoft.Cdn/profiles/keygroups",
+ "Microsoft.Cdn/profiles/securitypolicies",
+ "Microsoft.Cdn/operationresults/profileresults/afdendpointresults",
+ "Microsoft.Cdn/operationresults/profileresults/afdendpointresults/routeresults",
+ "Microsoft.Cdn/operationresults/profileresults/customdomainresults",
+ "Microsoft.Cdn/operationresults/profileresults/origingroupresults",
+ "Microsoft.Cdn/operationresults/profileresults/origingroupresults/originresults",
+ "Microsoft.Cdn/operationresults/profileresults/rulesetresults",
+ "Microsoft.Cdn/operationresults/profileresults/rulesetresults/ruleresults",
+ "Microsoft.Cdn/operationresults/profileresults/secretresults",
+ "Microsoft.Cdn/operationresults/profileresults/securitypolicyresults",
+ "Microsoft.Cdn/profiles/policies",
+ "Microsoft.Cdn/profiles/networkpolicies",
+ "Microsoft.Cdn/operationresults/profileresults/policyresults",
+ "Microsoft.BotService/botServices",
+ "Microsoft.BotService/botServices/channels",
+ "Microsoft.BotService/botServices/connections",
+ "Microsoft.BotService/listAuthServiceProviders",
+ "Microsoft.BotService/listQnAMakerEndpointKeys",
+ "Microsoft.BotService/hostSettings",
+ "Microsoft.BotService/checkNameAvailability",
+ "Microsoft.BotService/locations",
+ "Microsoft.BotService/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+ "Microsoft.BotService/operations",
+ "Microsoft.BotService/botServices/privateEndpointConnectionProxies",
+ "Microsoft.BotService/botServices/privateEndpointConnections",
+ "Microsoft.BotService/botServices/privateLinkResources",
+ "Microsoft.BotService/operationResults",
+ "Microsoft.Devices/checkNameAvailability",
+ "Microsoft.Devices/checkProvisioningServiceNameAvailability",
+ "Microsoft.Devices/usages",
+ "Microsoft.Devices/operations",
+ "Microsoft.Devices/operationResults",
+ "Microsoft.Devices/provisioningServiceOperationResults",
+ "Microsoft.Devices/locations/provisioningServiceOperationResults",
+ "Microsoft.Devices/locations",
+ "Microsoft.Devices/locations/operationResults",
+ "Microsoft.Devices/IotHubs",
+ "Microsoft.Devices/IotHubs/eventGridFilters",
+ "Microsoft.Devices/IotHubs/failover",
+ "Microsoft.Devices/ProvisioningServices",
+ "Microsoft.Devices/IotHubs/securitySettings",
+ "Microsoft.Databricks/workspaces",
+ "Microsoft.Databricks/accessConnectors",
+ "Microsoft.Databricks/workspaces/virtualNetworkPeerings",
+ "Microsoft.Databricks/workspaces/dbWorkspaces",
+ "Microsoft.Databricks/operations",
+ "Microsoft.Databricks/locations",
+ "Microsoft.Databricks/locations/operationstatuses",
+ "Microsoft.Databricks/locations/getNetworkPolicies",
+ "Microsoft.EventGrid/locations",
+ "Microsoft.EventGrid/locations/eventSubscriptions",
+ "Microsoft.EventGrid/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+ "Microsoft.EventGrid/eventSubscriptions",
+ "Microsoft.EventGrid/topics",
+ "Microsoft.EventGrid/domains",
+ "Microsoft.EventGrid/domains/topics",
+ "Microsoft.EventGrid/topicTypes",
+ "Microsoft.EventGrid/operations",
+ "Microsoft.EventGrid/locations/operationsStatus",
+ "Microsoft.EventGrid/locations/operationResults",
+ "Microsoft.EventGrid/locations/topicTypes",
+ "Microsoft.EventGrid/extensionTopics",
+ "Microsoft.EventGrid/operationResults",
+ "Microsoft.EventGrid/operationsStatus",
+ "Microsoft.EventGrid/systemTopics",
+ "Microsoft.EventGrid/systemTopics/eventSubscriptions",
+ "Microsoft.EventGrid/partnerRegistrations",
+ "Microsoft.EventGrid/partnerConfigurations",
+ "Microsoft.EventGrid/verifiedPartners",
+ "Microsoft.EventGrid/namespaces",
+ "Microsoft.EventGrid/partnerNamespaces",
+ "Microsoft.EventGrid/partnerTopics",
+ "Microsoft.EventGrid/partnerTopics/eventSubscriptions",
+ "Microsoft.EventGrid/partnerNamespaces/eventChannels",
+ "Microsoft.EventGrid/partnerNamespaces/channels",
+ "Microsoft.EventGrid/partnerDestinations",
+ "Microsoft.DBforPostgreSQL/operations",
+ "Microsoft.DBforPostgreSQL/servers",
+ "Microsoft.DBforPostgreSQL/serverGroupsv2",
+ "Microsoft.DBforPostgreSQL/flexibleServers",
+ "Microsoft.DBforPostgreSQL/locations/capabilities",
+ "Microsoft.DBforPostgreSQL/locations/checkNameAvailability",
+ "Microsoft.DBforPostgreSQL/servers/recoverableServers",
+ "Microsoft.DBforPostgreSQL/servers/virtualNetworkRules",
+ "Microsoft.DBforPostgreSQL/checkNameAvailability",
+ "Microsoft.DBforPostgreSQL/availableEngineVersions",
+ "Microsoft.DBforPostgreSQL/getPrivateDnsZoneSuffix",
+ "Microsoft.DBforPostgreSQL/locations",
+ "Microsoft.DBforPostgreSQL/locations/operationResults",
+ "Microsoft.DBforPostgreSQL/locations/azureAsyncOperation",
+ "Microsoft.DBforPostgreSQL/locations/administratorOperationResults",
+ "Microsoft.DBforPostgreSQL/locations/administratorAzureAsyncOperation",
+ "Microsoft.DBforPostgreSQL/locations/checkVirtualNetworkSubnetUsage",
+ "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionProxyOperationResults",
+ "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+ "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionOperationResults",
+ "Microsoft.DBforPostgreSQL/locations/privateEndpointConnectionAzureAsyncOperation",
+ "Microsoft.DBforPostgreSQL/locations/performanceTiers",
+ "Microsoft.DBforPostgreSQL/locations/securityAlertPoliciesAzureAsyncOperation",
+ "Microsoft.DBforPostgreSQL/locations/securityAlertPoliciesOperationResults",
+ "Microsoft.DBforPostgreSQL/locations/recommendedActionSessionsAzureAsyncOperation",
+ "Microsoft.DBforPostgreSQL/locations/recommendedActionSessionsOperationResults",
+ "Microsoft.DBforPostgreSQL/servers/topQueryStatistics",
+ "Microsoft.DBforPostgreSQL/servers/queryTexts",
+ "Microsoft.DBforPostgreSQL/servers/waitStatistics",
+ "Microsoft.DBforPostgreSQL/servers/resetQueryPerformanceInsightData",
+ "Microsoft.DBforPostgreSQL/servers/advisors",
+ "Microsoft.DBforPostgreSQL/servers/privateLinkResources",
+ "Microsoft.DBforPostgreSQL/servers/privateEndpointConnections",
+ "Microsoft.DBforPostgreSQL/servers/privateEndpointConnectionProxies",
+ "Microsoft.DBforPostgreSQL/servers/keys",
+ "Microsoft.DBforPostgreSQL/locations/serverKeyAzureAsyncOperation",
+ "Microsoft.DBforPostgreSQL/locations/serverKeyOperationResults",
+ "Microsoft.DBforPostgreSQL/locations/getCachedServerName",
+ "Microsoft.TimeSeriesInsights/environments",
+ "Microsoft.TimeSeriesInsights/environments/eventsources",
+ "Microsoft.TimeSeriesInsights/environments/referenceDataSets",
+ "Microsoft.TimeSeriesInsights/environments/accessPolicies",
+ "Microsoft.TimeSeriesInsights/environments/privateLinkResources",
+ "Microsoft.TimeSeriesInsights/environments/privateEndpointConnectionProxies",
+ "Microsoft.TimeSeriesInsights/environments/privateEndpointConnections",
+ "Microsoft.TimeSeriesInsights/operations",
+ "Microsoft.DBforMariaDB/operations",
+ "Microsoft.DBforMariaDB/servers",
+ "Microsoft.DBforMariaDB/servers/recoverableServers",
+ "Microsoft.DBforMariaDB/servers/virtualNetworkRules",
+ "Microsoft.DBforMariaDB/checkNameAvailability",
+ "Microsoft.DBforMariaDB/locations",
+ "Microsoft.DBforMariaDB/locations/operationResults",
+ "Microsoft.DBforMariaDB/locations/azureAsyncOperation",
+ "Microsoft.DBforMariaDB/locations/performanceTiers",
+ "Microsoft.DBforMariaDB/locations/securityAlertPoliciesAzureAsyncOperation",
+ "Microsoft.DBforMariaDB/locations/privateEndpointConnectionProxyOperationResults",
+ "Microsoft.DBforMariaDB/locations/privateEndpointConnectionProxyAzureAsyncOperation",
+ "Microsoft.DBforMariaDB/locations/privateEndpointConnectionOperationResults",
+ "Microsoft.DBforMariaDB/locations/privateEndpointConnectionAzureAsyncOperation",
+ "Microsoft.DBforMariaDB/locations/securityAlertPoliciesOperationResults",
+ "Microsoft.DBforMariaDB/locations/recommendedActionSessionsAzureAsyncOperation",
+ "Microsoft.DBforMariaDB/locations/recommendedActionSessionsOperationResults",
+ "Microsoft.DBforMariaDB/servers/topQueryStatistics",
+ "Microsoft.DBforMariaDB/servers/queryTexts",
+ "Microsoft.DBforMariaDB/servers/waitStatistics",
+ "Microsoft.DBforMariaDB/servers/resetQueryPerformanceInsightData",
+ "Microsoft.DBforMariaDB/servers/advisors",
+ "Microsoft.DBforMariaDB/servers/privateLinkResources",
+ "Microsoft.DBforMariaDB/servers/privateEndpointConnections",
+ "Microsoft.DBforMariaDB/servers/privateEndpointConnectionProxies",
+ "Microsoft.DBforMariaDB/servers/keys",
+ "Microsoft.DBforMariaDB/locations/serverKeyAzureAsyncOperation",
+ "Microsoft.DBforMariaDB/locations/serverKeyOperationResults",
+ "Microsoft.DBforMariaDB/servers/start",
+ "Microsoft.DBforMariaDB/servers/stop",
+ "Microsoft.Cache/Redis",
+ "Microsoft.Cache/Redis/privateEndpointConnectionProxies",
+ "Microsoft.Cache/Redis/privateEndpointConnectionProxies/validate",
+ "Microsoft.Cache/Redis/privateEndpointConnections",
+ "Microsoft.Cache/Redis/privateLinkResources",
+ "Microsoft.Cache/locations/asyncOperations",
+ "Microsoft.Cache/locations",
+ "Microsoft.Cache/locations/operationResults",
+ "Microsoft.Cache/locations/operationsStatus",
+ "Microsoft.Cache/checkNameAvailability",
+ "Microsoft.Cache/operations",
+ "Microsoft.Cache/redisEnterprise",
+ "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies",
+ "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies/validate",
+ "Microsoft.Cache/RedisEnterprise/privateEndpointConnectionProxies/operationresults",
+ "Microsoft.Cache/RedisEnterprise/privateEndpointConnections",
+ "Microsoft.Cache/RedisEnterprise/privateEndpointConnections/operationresults",
+ "Microsoft.Cache/RedisEnterprise/privateLinkResources",
+ "Microsoft.Cache/redisEnterprise/databases",
+ "Microsoft.Cache/locations/checkNameAvailability",
+ "Microsoft.Cache/Redis/EventGridFilters",
+ "Microsoft.RecoveryServices/vaults",
+ "Microsoft.RecoveryServices/operations",
+ "Microsoft.RecoveryServices/locations",
+ "Microsoft.RecoveryServices/locations/backupStatus",
+ "Microsoft.RecoveryServices/locations/checkNameAvailability",
+ "Microsoft.RecoveryServices/locations/allocatedStamp",
+ "Microsoft.RecoveryServices/locations/allocateStamp",
+ "Microsoft.RecoveryServices/locations/backupValidateFeatures",
+ "Microsoft.RecoveryServices/locations/backupPreValidateProtection",
+ "Microsoft.RecoveryServices/locations/backupCrrJobs",
+ "Microsoft.RecoveryServices/locations/backupCrrJob",
+ "Microsoft.RecoveryServices/locations/backupAadProperties",
+ "Microsoft.RecoveryServices/locations/backupCrossRegionRestore",
+ "Microsoft.RecoveryServices/locations/backupCrrOperationResults",
+ "Microsoft.RecoveryServices/locations/backupCrrOperationsStatus",
+ "Microsoft.RecoveryServices/backupProtectedItems",
+ "Microsoft.RecoveryServices/replicationEligibilityResults",
+ "Microsoft.RecoveryServices/locations/capabilities",
+ "Microsoft.ServiceBus/namespaces",
+ "Microsoft.ServiceBus/namespaces/authorizationrules",
+ "Microsoft.ServiceBus/namespaces/networkrulesets",
+ "Microsoft.ServiceBus/namespaces/privateEndpointConnections",
+ "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies",
+ "Microsoft.ServiceBus/namespaces/queues",
+ "Microsoft.ServiceBus/namespaces/queues/authorizationrules",
+ "Microsoft.ServiceBus/namespaces/topics",
+ "Microsoft.ServiceBus/namespaces/topics/authorizationrules",
+ "Microsoft.ServiceBus/namespaces/topics/subscriptions",
+ "Microsoft.ServiceBus/namespaces/topics/subscriptions/rules",
+ "Microsoft.ServiceBus/checkNamespaceAvailability",
+ "Microsoft.ServiceBus/checkNameAvailability",
+ "Microsoft.ServiceBus/sku",
+ "Microsoft.ServiceBus/premiumMessagingRegions",
+ "Microsoft.ServiceBus/operations",
+ "Microsoft.ServiceBus/namespaces/eventgridfilters",
+ "Microsoft.ServiceBus/namespaces/disasterrecoveryconfigs",
+ "Microsoft.ServiceBus/namespaces/migrationConfigurations",
+ "Microsoft.ServiceBus/namespaces/disasterrecoveryconfigs/checkNameAvailability",
+ "Microsoft.ServiceBus/locations",
+ "Microsoft.ServiceBus/locations/operationStatus",
+ "Microsoft.ServiceBus/locations/namespaceOperationResults",
+ "Microsoft.ServiceBus/locations/deleteVirtualNetworkOrSubnets",
+ "Microsoft.ServiceFabricMesh/applications",
+ "Microsoft.ServiceFabricMesh/networks",
+ "Microsoft.ServiceFabricMesh/volumes",
+ "Microsoft.ServiceFabricMesh/secrets",
+ "Microsoft.ServiceFabricMesh/gateways",
+ "Microsoft.ServiceFabricMesh/locations",
+ "Microsoft.ServiceFabricMesh/locations/applicationOperations",
+ "Microsoft.ServiceFabricMesh/locations/networkOperations",
+ "Microsoft.ServiceFabricMesh/locations/volumeOperations",
+ "Microsoft.ServiceFabricMesh/locations/gatewayOperations",
+ "Microsoft.ServiceFabricMesh/locations/secretOperations",
+ "Microsoft.ServiceFabricMesh/operations",
+ "Microsoft.NotificationHubs/namespaces",
+ "Microsoft.NotificationHubs/namespaces/notificationHubs",
+ "Microsoft.NotificationHubs/checkNamespaceAvailability",
+ "Microsoft.NotificationHubs/checkNameAvailability",
+ "Microsoft.NotificationHubs/operations",
+ "Microsoft.ContainerRegistry/registries",
+ "Microsoft.ContainerRegistry/registries/cacheRules",
+ "Microsoft.ContainerRegistry/registries/credentialSets",
+ "Microsoft.ContainerRegistry/registries/connectedRegistries",
+ "Microsoft.ContainerRegistry/registries/connectedRegistries/deactivate",
+ "Microsoft.ContainerRegistry/registries/scopeMaps",
+ "Microsoft.ContainerRegistry/registries/tokens",
+ "Microsoft.ContainerRegistry/registries/generateCredentials",
+ "Microsoft.ContainerRegistry/registries/privateEndpointConnections",
+ "Microsoft.ContainerRegistry/registries/privateEndpointConnectionProxies",
+ "Microsoft.ContainerRegistry/registries/privateEndpointConnectionProxies/validate",
+ "Microsoft.ContainerRegistry/registries/privateLinkResources",
+ "Microsoft.ContainerRegistry/registries/importImage",
+ "Microsoft.ContainerRegistry/registries/exportPipelines",
+ "Microsoft.ContainerRegistry/registries/importPipelines",
+ "Microsoft.ContainerRegistry/registries/pipelineRuns",
+ "Microsoft.ContainerRegistry/registries/listBuildSourceUploadUrl",
+ "Microsoft.ContainerRegistry/registries/scheduleRun",
+ "Microsoft.ContainerRegistry/registries/runs",
+ "Microsoft.ContainerRegistry/registries/taskRuns",
+ "Microsoft.ContainerRegistry/registries/taskRuns/listDetails",
+ "Microsoft.ContainerRegistry/registries/agentPools",
+ "Microsoft.ContainerRegistry/registries/agentPoolsOperationResults",
+ "Microsoft.ContainerRegistry/registries/agentPools/listQueueStatus",
+ "Microsoft.ContainerRegistry/registries/runs/listLogSasUrl",
+ "Microsoft.ContainerRegistry/registries/runs/cancel",
+ "Microsoft.ContainerRegistry/registries/tasks",
+ "Microsoft.ContainerRegistry/registries/tasks/listDetails",
+ "Microsoft.ContainerRegistry/registries/replications",
+ "Microsoft.ContainerRegistry/registries/webhooks",
+ "Microsoft.ContainerRegistry/registries/webhooks/ping",
+ "Microsoft.ContainerRegistry/registries/webhooks/getCallbackConfig",
+ "Microsoft.ContainerRegistry/registries/webhooks/listEvents",
+ "Microsoft.ContainerRegistry/locations/operationResults",
+ "Microsoft.ContainerRegistry/locations/deleteVirtualNetworkOrSubnets",
+ "Microsoft.ContainerRegistry/registries/listCredentials",
+ "Microsoft.ContainerRegistry/registries/regenerateCredential",
+ "Microsoft.ContainerRegistry/registries/listUsages",
+ "Microsoft.ContainerRegistry/registries/listPolicies",
+ "Microsoft.ContainerRegistry/registries/updatePolicies",
+ "Microsoft.ContainerRegistry/registries/eventGridFilters",
+ "Microsoft.ContainerRegistry/checkNameAvailability",
+ "Microsoft.ContainerRegistry/operations",
+ "Microsoft.ContainerRegistry/locations",
+ "Microsoft.StreamAnalytics/streamingjobs",
+ "Microsoft.StreamAnalytics/clusters",
+ "Microsoft.StreamAnalytics/clusters/privateEndpoints",
+ "Microsoft.StreamAnalytics/locations",
+ "Microsoft.StreamAnalytics/locations/quotas",
+ "Microsoft.StreamAnalytics/locations/testQuery",
+ "Microsoft.StreamAnalytics/locations/compileQuery",
+ "Microsoft.StreamAnalytics/locations/sampleInput",
+ "Microsoft.StreamAnalytics/locations/testInput",
+ "Microsoft.StreamAnalytics/locations/testOutput",
+ "Microsoft.StreamAnalytics/locations/operationResults",
+ "Microsoft.StreamAnalytics/operations",
+ "Microsoft.DataLakeAnalytics/accounts",
+ "Microsoft.DataLakeAnalytics/accounts/dataLakeStoreAccounts",
+ "Microsoft.DataLakeAnalytics/accounts/storageAccounts",
+ "Microsoft.DataLakeAnalytics/accounts/storageAccounts/containers",
+ "Microsoft.DataLakeAnalytics/accounts/storageAccounts/containers/listSasTokens",
+ "Microsoft.DataLakeAnalytics/locations",
+ "Microsoft.DataLakeAnalytics/locations/operationresults",
+ "Microsoft.DataLakeAnalytics/locations/checkNameAvailability",
+ "Microsoft.DataLakeAnalytics/locations/capability",
+ "Microsoft.DataLakeAnalytics/locations/usages",
+ "Microsoft.DataLakeAnalytics/operations",
+ "Microsoft.Relay/namespaces",
+ "Microsoft.Relay/namespaces/authorizationrules",
+ "Microsoft.Relay/namespaces/privateEndpointConnections",
+ "Microsoft.Relay/namespaces/privateEndpointConnectionProxies",
+ "Microsoft.Relay/namespaces/hybridconnections",
+ "Microsoft.Relay/namespaces/hybridconnections/authorizationrules",
+ "Microsoft.Relay/namespaces/wcfrelays",
+ "Microsoft.Relay/namespaces/wcfrelays/authorizationrules",
+ "Microsoft.Relay/checkNameAvailability",
+ "Microsoft.Relay/operations",
+ "Microsoft.Relay/locations",
+ "Microsoft.Relay/locations/namespaceOperationResults",
+ // Not supported in Mooncake
+ /*
+ "Microsoft.DevTestLab/labs/environments",
+ "Microsoft.DevTestLab/labs",
+ "Microsoft.DevTestLab/schedules",
+ "Microsoft.DevTestLab/labs/virtualMachines",
+ "Microsoft.DevTestLab/labs/serviceRunners",
+ "Microsoft.DevTestLab/operations",
+ "Microsoft.DevTestLab/locations",
+ "Microsoft.DevTestLab/locations/operations",
+ */
+ "Microsoft.EventHub/namespaces",
+ "Microsoft.EventHub/clusters",
+ "Microsoft.EventHub/namespaces/authorizationrules",
+ "Microsoft.EventHub/namespaces/networkrulesets",
+ "Microsoft.EventHub/namespaces/privateEndpointConnections",
+ "Microsoft.EventHub/namespaces/privateEndpointConnectionProxies",
+ "Microsoft.EventHub/namespaces/networkSecurityPerimeterConfigurations",
+ "Microsoft.EventHub/namespaces/networkSecurityPerimeterAssociationProxies",
+ "Microsoft.EventHub/namespaces/eventhubs",
+ "Microsoft.EventHub/namespaces/eventhubs/authorizationrules",
+ "Microsoft.EventHub/namespaces/eventhubs/consumergroups",
+ "Microsoft.EventHub/namespaces/applicationGroups",
+ "Microsoft.EventHub/checkNamespaceAvailability",
+ "Microsoft.EventHub/checkNameAvailability",
+ "Microsoft.EventHub/sku",
+ "Microsoft.EventHub/operations",
+ "Microsoft.EventHub/namespaces/disasterrecoveryconfigs",
+ "Microsoft.EventHub/namespaces/disasterrecoveryconfigs/checkNameAvailability",
+ "Microsoft.EventHub/locations",
+ "Microsoft.EventHub/locations/operationStatus",
+ "Microsoft.EventHub/locations/clusterOperationResults",
+ "Microsoft.EventHub/locations/namespaceOperationResults",
+ "Microsoft.EventHub/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+ "Microsoft.EventHub/locations/deleteVirtualNetworkOrSubnets",
+ "Microsoft.EventHub/availableClusterRegions",
+ "Microsoft.AppPlatform/Spring",
+ "Microsoft.AppPlatform/Spring/operationResults",
+ "Microsoft.AppPlatform/Spring/operationStatuses",
+ "Microsoft.AppPlatform/Spring/apps",
+ "Microsoft.AppPlatform/Spring/apps/operationResults",
+ "Microsoft.AppPlatform/Spring/apps/operationStatuses",
+ "Microsoft.AppPlatform/Spring/apps/deployments",
+ "Microsoft.AppPlatform/Spring/apps/deployments/operationResults",
+ "Microsoft.AppPlatform/Spring/apps/deployments/operationStatuses",
+ "Microsoft.AppPlatform/Spring/configServers",
+ "Microsoft.AppPlatform/Spring/configServers/operationResults",
+ "Microsoft.AppPlatform/Spring/configServers/operationStatuses",
+ "Microsoft.AppPlatform/Spring/eurekaServers",
+ "Microsoft.AppPlatform/Spring/eurekaServers/operationResults",
+ "Microsoft.AppPlatform/Spring/eurekaServers/operationStatuses",
+ "Microsoft.AppPlatform/Spring/apps/domains",
+ "Microsoft.AppPlatform/Spring/apps/domains/operationResults",
+ "Microsoft.AppPlatform/Spring/apps/domains/operationStatuses",
+ "Microsoft.AppPlatform/locations/checkNameAvailability",
+ "Microsoft.AppPlatform/operations",
+ "Microsoft.AppPlatform/locations",
+ "Microsoft.AppPlatform/runtimeVersions",
+ "Microsoft.AppPlatform/locations/operationResults",
+ "Microsoft.AppPlatform/locations/operationStatus",
+ "Microsoft.CustomProviders/resourceProviders",
+ "Microsoft.CustomProviders/resourceProviders/operationResults",
+ "Microsoft.CustomProviders/resourceProviders/operationStatuses",
+ "Microsoft.CustomProviders/associations",
+ "Microsoft.CustomProviders/operations",
+ "Microsoft.CustomProviders/locations",
+ "Microsoft.CustomProviders/locations/operationStatuses",
+ "Microsoft.CustomProviders/locations/operationResults",
+ "Microsoft.DocumentDB/databaseAccounts",
+ "Microsoft.DocumentDB/databaseAccountNames",
+ "Microsoft.DocumentDB/operations",
+ "Microsoft.DocumentDB/operationResults",
+ "Microsoft.DocumentDB/operationsStatus",
+ "Microsoft.DocumentDB/locations/operationsStatus",
+ "Microsoft.DocumentDB/locations/operationResults",
+ "Microsoft.DocumentDB/locations",
+ "Microsoft.DocumentDB/locations/deleteVirtualNetworkOrSubnets",
+ "Microsoft.DocumentDB/locations/restorableDatabaseAccounts",
+ "Microsoft.DocumentDB/restorableDatabaseAccounts",
+ "Microsoft.DocumentDB/cassandraClusters",
+ "Microsoft.DocumentDB/databaseAccounts/encryptionScopes",
+ "Microsoft.DocumentDB/mongoClusters",
+ "Microsoft.DocumentDB/locations/mongoClusterOperationResults",
+ "Microsoft.DocumentDB/locations/mongoClusterAzureAsyncOperation",
+ "Microsoft.DocumentDB/locations/checkMongoClusterNameAvailability",
+ "Microsoft.DocumentDB/locations/notifyNetworkSecurityPerimeterUpdatesAvailable",
+ "Microsoft.DocumentDB/throughputPools",
+ "Microsoft.DocumentDB/throughputPools/throughputPoolAccounts",
+ "Microsoft.Maintenance/maintenanceConfigurations",
+ "Microsoft.Maintenance/updates",
+ "Microsoft.Maintenance/configurationAssignments",
+ "Microsoft.Maintenance/applyUpdates",
+ "Microsoft.Maintenance/publicMaintenanceConfigurations",
+ "Microsoft.Maintenance/operations",
+ "Microsoft.Sql/operations",
+ "Microsoft.Sql/locations",
+ "Microsoft.Sql/locations/capabilities",
+ "Microsoft.Sql/locations/databaseAzureAsyncOperation",
+ "Microsoft.Sql/locations/databaseOperationResults",
+ "Microsoft.Sql/locations/databaseEncryptionProtectorRevalidateAzureAsyncOperation",
+ "Microsoft.Sql/locations/databaseEncryptionProtectorRevalidateOperationResults",
+ "Microsoft.Sql/locations/databaseEncryptionProtectorRevertAzureAsyncOperation",
+ "Microsoft.Sql/locations/databaseEncryptionProtectorRevertOperationResults",
+ "Microsoft.Sql/locations/serverKeyAzureAsyncOperation",
+ "Microsoft.Sql/locations/serverKeyOperationResults",
+ "Microsoft.Sql/servers/keys",
+ "Microsoft.Sql/servers/encryptionProtector",
+ "Microsoft.Sql/locations/encryptionProtectorOperationResults",
+ "Microsoft.Sql/locations/encryptionProtectorAzureAsyncOperation",
+ "Microsoft.Sql/locations/externalPolicyBasedAuthorizationsAzureAsycOperation",
+ "Microsoft.Sql/locations/externalPolicyBasedAuthorizationsOperationResults",
+ "Microsoft.Sql/locations/refreshExternalGovernanceStatusOperationResults",
+ "Microsoft.Sql/locations/refreshExternalGovernanceStatusAzureAsyncOperation",
+ "Microsoft.Sql/locations/refreshExternalGovernanceStatusMIOperationResults",
+ "Microsoft.Sql/locations/refreshExternalGovernanceStatusMIAzureAsyncOperation", + 
"Microsoft.Sql/locations/managedInstanceKeyAzureAsyncOperation", + "Microsoft.Sql/locations/managedInstanceKeyOperationResults", + "Microsoft.Sql/locations/managedInstanceEncryptionProtectorOperationResults", + "Microsoft.Sql/locations/managedInstanceEncryptionProtectorAzureAsyncOperation", + "Microsoft.Sql/locations/transparentDataEncryptionAzureAsyncOperation", + "Microsoft.Sql/locations/transparentDataEncryptionOperationResults", + "Microsoft.Sql/locations/managedtransparentDataEncryptionAzureAsyncOperation", + "Microsoft.Sql/locations/managedtransparentDataEncryptionOperationResults", + "Microsoft.Sql/servers/tdeCertificates", + "Microsoft.Sql/locations/tdeCertAzureAsyncOperation", + "Microsoft.Sql/locations/tdeCertOperationResults", + "Microsoft.Sql/locations/serverAzureAsyncOperation", + "Microsoft.Sql/locations/serverOperationResults", + "Microsoft.Sql/locations/usages", + "Microsoft.Sql/checkNameAvailability", + "Microsoft.Sql/servers", + "Microsoft.Sql/servers/databases", + "Microsoft.Sql/servers/serviceObjectives", + "Microsoft.Sql/servers/communicationLinks", + "Microsoft.Sql/servers/administrators", + "Microsoft.Sql/servers/administratorOperationResults", + "Microsoft.Sql/locations/serverAdministratorAzureAsyncOperation", + "Microsoft.Sql/locations/serverAdministratorOperationResults", + "Microsoft.Sql/servers/restorableDroppedDatabases", + "Microsoft.Sql/servers/recoverableDatabases", + "Microsoft.Sql/servers/databases/geoBackupPolicies", + "Microsoft.Sql/servers/import", + "Microsoft.Sql/servers/importExportOperationResults", + "Microsoft.Sql/servers/operationResults", + "Microsoft.Sql/servers/databases/backupLongTermRetentionPolicies", + "Microsoft.Sql/servers/databases/backupShortTermRetentionPolicies", + "Microsoft.Sql/servers/databaseSecurityPolicies", + "Microsoft.Sql/servers/automaticTuning", + "Microsoft.Sql/servers/databases/automaticTuning", + "Microsoft.Sql/servers/databases/transparentDataEncryption", + 
"Microsoft.Sql/servers/databases/ledgerDigestUploads", + "Microsoft.Sql/locations/ledgerDigestUploadsAzureAsyncOperation", + "Microsoft.Sql/locations/ledgerDigestUploadsOperationResults", + "Microsoft.Sql/servers/recommendedElasticPools", + "Microsoft.Sql/servers/databases/dataMaskingPolicies", + "Microsoft.Sql/servers/databases/dataMaskingPolicies/rules", + "Microsoft.Sql/servers/databases/securityAlertPolicies", + "Microsoft.Sql/servers/securityAlertPolicies", + "Microsoft.Sql/servers/databases/advancedThreatProtectionSettings", + "Microsoft.Sql/servers/advancedThreatProtectionSettings", + "Microsoft.Sql/managedInstances/databases/advancedThreatProtectionSettings", + "Microsoft.Sql/managedInstances/advancedThreatProtectionSettings", + "Microsoft.Sql/servers/databases/auditingSettings", + "Microsoft.Sql/servers/auditingSettings", + "Microsoft.Sql/servers/extendedAuditingSettings", + "Microsoft.Sql/servers/devOpsAuditingSettings", + "Microsoft.Sql/locations/auditingSettingsAzureAsyncOperation", + "Microsoft.Sql/locations/auditingSettingsOperationResults", + "Microsoft.Sql/locations/extendedAuditingSettingsAzureAsyncOperation", + "Microsoft.Sql/locations/extendedAuditingSettingsOperationResults", + "Microsoft.Sql/locations/devOpsAuditingSettingsOperationResults", + "Microsoft.Sql/locations/devOpsAuditingSettingsAzureAsyncOperation", + "Microsoft.Sql/locations/elasticPoolAzureAsyncOperation", + "Microsoft.Sql/locations/elasticPoolOperationResults", + "Microsoft.Sql/servers/elasticpools", + "Microsoft.Sql/servers/jobAccounts", + "Microsoft.Sql/servers/jobAgents", + "Microsoft.Sql/locations/jobAgentOperationResults", + "Microsoft.Sql/locations/jobAgentAzureAsyncOperation", + "Microsoft.Sql/servers/jobAgents/privateEndpoints", + "Microsoft.Sql/locations/jobAgentPrivateEndpointOperationResults", + "Microsoft.Sql/locations/jobAgentPrivateEndpointAzureAsyncOperation", + "Microsoft.Sql/servers/jobAgents/jobs", + "Microsoft.Sql/servers/jobAgents/jobs/steps", + 
"Microsoft.Sql/servers/jobAgents/jobs/executions", + "Microsoft.Sql/servers/disasterRecoveryConfiguration", + "Microsoft.Sql/servers/dnsAliases", + "Microsoft.Sql/locations/dnsAliasAsyncOperation", + "Microsoft.Sql/locations/dnsAliasOperationResults", + "Microsoft.Sql/servers/failoverGroups", + "Microsoft.Sql/locations/failoverGroupAzureAsyncOperation", + "Microsoft.Sql/locations/failoverGroupOperationResults", + "Microsoft.Sql/locations/firewallRulesOperationResults", + "Microsoft.Sql/locations/firewallRulesAzureAsyncOperation", + "Microsoft.Sql/locations/ipv6FirewallRulesOperationResults", + "Microsoft.Sql/locations/ipv6FirewallRulesAzureAsyncOperation", + "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnets", + "Microsoft.Sql/servers/virtualNetworkRules", + "Microsoft.Sql/locations/virtualNetworkRulesOperationResults", + "Microsoft.Sql/locations/virtualNetworkRulesAzureAsyncOperation", + "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnetsOperationResults", + "Microsoft.Sql/locations/deleteVirtualNetworkOrSubnetsAzureAsyncOperation", + "Microsoft.Sql/locations/databaseRestoreAzureAsyncOperation", + "Microsoft.Sql/servers/usages", + "Microsoft.Sql/servers/databases/metricDefinitions", + "Microsoft.Sql/servers/databases/metrics", + "Microsoft.Sql/servers/aggregatedDatabaseMetrics", + "Microsoft.Sql/servers/elasticpools/metrics", + "Microsoft.Sql/servers/elasticpools/metricdefinitions", + "Microsoft.Sql/servers/databases/topQueries", + "Microsoft.Sql/servers/databases/topQueries/queryText", + "Microsoft.Sql/servers/advisors", + "Microsoft.Sql/servers/elasticPools/advisors", + "Microsoft.Sql/servers/databases/advisors", + "Microsoft.Sql/servers/databases/extensions", + "Microsoft.Sql/servers/elasticPoolEstimates", + "Microsoft.Sql/servers/databases/auditRecords", + "Microsoft.Sql/servers/databases/VulnerabilityAssessmentScans", + "Microsoft.Sql/servers/databases/workloadGroups", + "Microsoft.Sql/servers/databases/vulnerabilityAssessments", + 
"Microsoft.Sql/servers/vulnerabilityAssessments", + "Microsoft.Sql/managedInstances/databases/vulnerabilityAssessments", + "Microsoft.Sql/managedInstances/vulnerabilityAssessments", + "Microsoft.Sql/servers/databases/VulnerabilityAssessmentSettings", + "Microsoft.Sql/servers/databases/VulnerabilityAssessment", + "Microsoft.Sql/locations/vulnerabilityAssessmentScanAzureAsyncOperation", + "Microsoft.Sql/locations/vulnerabilityAssessmentScanOperationResults", + "Microsoft.Sql/servers/databases/sqlvulnerabilityassessments", + "Microsoft.Sql/servers/sqlvulnerabilityassessments", + "Microsoft.Sql/locations/sqlVulnerabilityAssessmentAzureAsyncOperation", + "Microsoft.Sql/locations/sqlVulnerabilityAssessmentOperationResults", + "Microsoft.Sql/servers/databases/recommendedSensitivityLabels", + "Microsoft.Sql/servers/databases/syncGroups", + "Microsoft.Sql/servers/databases/syncGroups/syncMembers", + "Microsoft.Sql/servers/syncAgents", + "Microsoft.Sql/instancePools", + "Microsoft.Sql/locations/importExportOperationResults", + "Microsoft.Sql/locations/importExportAzureAsyncOperation", + "Microsoft.Sql/locations/instancePoolOperationResults", + "Microsoft.Sql/locations/instancePoolAzureAsyncOperation", + "Microsoft.Sql/managedInstances", + "Microsoft.Sql/managedInstances/administrators", + "Microsoft.Sql/managedInstances/databases", + "Microsoft.Sql/managedInstances/recoverableDatabases", + "Microsoft.Sql/managedInstances/metrics", + "Microsoft.Sql/managedInstances/metricDefinitions", + "Microsoft.Sql/managedInstances/databases/backupLongTermRetentionPolicies", + "Microsoft.Sql/managedInstances/sqlAgent", + "Microsoft.Sql/managedInstances/startStopSchedules", + "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionProxyOperationResults", + "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionProxyAzureAsyncOperation", + "Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionOperationResults", + 
"Microsoft.Sql/locations/managedInstancePrivateEndpointConnectionAzureAsyncOperation", + "Microsoft.Sql/locations/longTermRetentionManagedInstances", + "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackups", + "Microsoft.Sql/locations/managedInstanceLongTermRetentionPolicyOperationResults", + "Microsoft.Sql/locations/managedInstanceLongTermRetentionPolicyAzureAsyncOperation", + "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackupOperationResults", + "Microsoft.Sql/locations/longTermRetentionManagedInstanceBackupAzureAsyncOperation", + "Microsoft.Sql/locations/managedDatabaseAzureAsyncOperation", + "Microsoft.Sql/locations/managedDatabaseOperationResults", + "Microsoft.Sql/locations/managedDatabaseRestoreAzureAsyncOperation", + "Microsoft.Sql/locations/managedDatabaseRestoreOperationResults", + "Microsoft.Sql/locations/managedDatabaseCompleteRestoreAzureAsyncOperation", + "Microsoft.Sql/locations/managedDatabaseCompleteRestoreOperationResults", + "Microsoft.Sql/locations/managedServerSecurityAlertPoliciesAzureAsyncOperation", + "Microsoft.Sql/locations/stopManagedInstanceAzureAsyncOperation", + "Microsoft.Sql/locations/stopManagedInstanceOperationResults", + "Microsoft.Sql/locations/startManagedInstanceAzureAsyncOperation", + "Microsoft.Sql/locations/startManagedInstanceOperationResults", + "Microsoft.Sql/managedInstances/tdeCertificates", + "Microsoft.Sql/locations/managedInstanceTdeCertAzureAsyncOperation", + "Microsoft.Sql/locations/managedInstanceTdeCertOperationResults", + "Microsoft.Sql/locations/managedServerSecurityAlertPoliciesOperationResults", + "Microsoft.Sql/locations/securityAlertPoliciesAzureAsyncOperation", + "Microsoft.Sql/locations/securityAlertPoliciesOperationResults", + "Microsoft.Sql/locations/advancedThreatProtectionAzureAsyncOperation", + "Microsoft.Sql/locations/advancedThreatProtectionOperationResults", + "Microsoft.Sql/locations/managedInstanceAdvancedThreatProtectionAzureAsyncOperation", + 
"Microsoft.Sql/locations/managedInstanceAdvancedThreatProtectionOperationResults", + "Microsoft.Sql/managedInstances/dnsAliases", + "Microsoft.Sql/locations/managedDnsAliasAsyncOperation", + "Microsoft.Sql/locations/managedDnsAliasOperationResults", + "Microsoft.Sql/virtualClusters", + "Microsoft.Sql/locations/virtualClusterAzureAsyncOperation", + "Microsoft.Sql/locations/virtualClusterOperationResults", + "Microsoft.Sql/locations/updateManagedInstanceDnsServersAzureAsyncOperation", + "Microsoft.Sql/locations/updateManagedInstanceDnsServersOperationResults", + "Microsoft.Sql/locations/managedInstanceAzureAsyncOperation", + "Microsoft.Sql/locations/managedInstanceOperationResults", + "Microsoft.Sql/locations/distributedAvailabilityGroupsOperationResults", + "Microsoft.Sql/locations/distributedAvailabilityGroupsAzureAsyncOperation", + "Microsoft.Sql/locations/serverTrustCertificatesOperationResults", + "Microsoft.Sql/locations/serverTrustCertificatesAzureAsyncOperation", + "Microsoft.Sql/locations/administratorAzureAsyncOperation", + "Microsoft.Sql/locations/administratorOperationResults", + "Microsoft.Sql/locations/syncGroupOperationResults", + "Microsoft.Sql/locations/syncGroupAzureAsyncOperation", + "Microsoft.Sql/locations/syncMemberOperationResults", + "Microsoft.Sql/locations/syncAgentOperationResults", + "Microsoft.Sql/locations/syncDatabaseIds", + "Microsoft.Sql/locations/longTermRetentionServers", + "Microsoft.Sql/locations/longTermRetentionBackups", + "Microsoft.Sql/locations/longTermRetentionPolicyOperationResults", + "Microsoft.Sql/locations/longTermRetentionPolicyAzureAsyncOperation", + "Microsoft.Sql/locations/longTermRetentionBackupOperationResults", + "Microsoft.Sql/locations/longTermRetentionBackupAzureAsyncOperation", + "Microsoft.Sql/locations/changeLongTermRetentionBackupAccessTierOperationResults", + "Microsoft.Sql/locations/changeLongTermRetentionBackupAccessTierAzureAsyncOperation", + 
"Microsoft.Sql/locations/shortTermRetentionPolicyOperationResults", + "Microsoft.Sql/locations/shortTermRetentionPolicyAzureAsyncOperation", + "Microsoft.Sql/locations/managedShortTermRetentionPolicyOperationResults", + "Microsoft.Sql/locations/managedShortTermRetentionPolicyAzureAsyncOperation", + "Microsoft.Sql/locations/instanceFailoverGroups", + "Microsoft.Sql/locations/instanceFailoverGroupAzureAsyncOperation", + "Microsoft.Sql/locations/instanceFailoverGroupOperationResults", + "Microsoft.Sql/locations/privateEndpointConnectionProxyOperationResults", + "Microsoft.Sql/locations/privateEndpointConnectionProxyAzureAsyncOperation", + "Microsoft.Sql/locations/privateEndpointConnectionOperationResults", + "Microsoft.Sql/locations/outboundFirewallRulesAzureAsyncOperation", + "Microsoft.Sql/locations/outboundFirewallRulesOperationResults", + "Microsoft.Sql/locations/privateEndpointConnectionAzureAsyncOperation", + "Microsoft.Sql/locations/notifyAzureAsyncOperation", + "Microsoft.Sql/locations/serverTrustGroups", + "Microsoft.Sql/locations/serverTrustGroupOperationResults", + "Microsoft.Sql/locations/serverTrustGroupAzureAsyncOperation", + "Microsoft.Sql/locations/managedDatabaseMoveOperationResults", + "Microsoft.Sql/locations/managedDatabaseMoveAzureAsyncOperation", + "Microsoft.Sql/servers/connectionPolicies", + "Microsoft.Sql/locations/connectionPoliciesAzureAsyncOperation", + "Microsoft.Sql/locations/connectionPoliciesOperationResults", + "Microsoft.Sql/locations/notifyNetworkSecurityPerimeterUpdatesAvailable", + "Microsoft.Sql/locations/replicationLinksAzureAsyncOperation", + "Microsoft.Sql/locations/replicationLinksOperationResults", + "Microsoft.Sql/locations/managedInstanceDtcAzureAsyncOperation", + "Microsoft.Sql/managedInstances/databases/ledgerDigestUploads", + "Microsoft.Sql/locations/managedLedgerDigestUploadsOperationResults", + "Microsoft.Sql/locations/managedLedgerDigestUploadsAzureAsyncOperation", + 
"Microsoft.Sql/locations/serverConfigurationOptionAzureAsyncOperation", + "Microsoft.Sql/servers/failoverGroups/tryPlannedBeforeForcedFailover", + "Microsoft.DBforMySQL/operations", + "Microsoft.DBforMySQL/servers", + "Microsoft.DBforMySQL/flexibleServers", + "Microsoft.DBforMySQL/servers/recoverableServers", + "Microsoft.DBforMySQL/servers/virtualNetworkRules", + "Microsoft.DBforMySQL/locations/capabilities", + "Microsoft.DBforMySQL/locations/capabilitySets", + "Microsoft.DBforMySQL/locations/checkNameAvailability", + "Microsoft.DBforMySQL/checkNameAvailability", + "Microsoft.DBforMySQL/assessForMigration", + "Microsoft.DBforMySQL/getPrivateDnsZoneSuffix", + "Microsoft.DBforMySQL/locations/checkVirtualNetworkSubnetUsage", + "Microsoft.DBforMySQL/locations/listMigrations", + "Microsoft.DBforMySQL/locations/updateMigration", + "Microsoft.DBforMySQL/locations", + "Microsoft.DBforMySQL/locations/operationResults", + "Microsoft.DBforMySQL/locations/operationProgress", + "Microsoft.DBforMySQL/locations/azureAsyncOperation", + "Microsoft.DBforMySQL/locations/administratorOperationResults", + "Microsoft.DBforMySQL/locations/administratorAzureAsyncOperation", + "Microsoft.DBforMySQL/locations/privateEndpointConnectionProxyOperationResults", + "Microsoft.DBforMySQL/locations/privateEndpointConnectionProxyAzureAsyncOperation", + "Microsoft.DBforMySQL/locations/privateEndpointConnectionOperationResults", + "Microsoft.DBforMySQL/locations/privateEndpointConnectionAzureAsyncOperation", + "Microsoft.DBforMySQL/locations/performanceTiers", + "Microsoft.DBforMySQL/locations/securityAlertPoliciesAzureAsyncOperation", + "Microsoft.DBforMySQL/locations/securityAlertPoliciesOperationResults", + "Microsoft.DBforMySQL/locations/recommendedActionSessionsAzureAsyncOperation", + "Microsoft.DBforMySQL/locations/recommendedActionSessionsOperationResults", + "Microsoft.DBforMySQL/servers/topQueryStatistics", + "Microsoft.DBforMySQL/servers/queryTexts", + 
"Microsoft.DBforMySQL/servers/waitStatistics", + "Microsoft.DBforMySQL/servers/resetQueryPerformanceInsightData", + "Microsoft.DBforMySQL/servers/advisors", + "Microsoft.DBforMySQL/servers/privateLinkResources", + "Microsoft.DBforMySQL/servers/privateEndpointConnections", + "Microsoft.DBforMySQL/servers/privateEndpointConnectionProxies", + "Microsoft.DBforMySQL/servers/keys", + "Microsoft.DBforMySQL/locations/serverKeyAzureAsyncOperation", + "Microsoft.DBforMySQL/locations/serverKeyOperationResults", + "Microsoft.DBforMySQL/servers/upgrade", + "Microsoft.CognitiveServices/accounts", + "Microsoft.CognitiveServices/operations", + "Microsoft.CognitiveServices/locations/operationResults", + "Microsoft.CognitiveServices/locations", + "Microsoft.CognitiveServices/locations/deleteVirtualNetworkOrSubnets", + "Microsoft.CognitiveServices/locations/checkSkuAvailability", + "Microsoft.CognitiveServices/checkDomainAvailability", + "Microsoft.CognitiveServices/accounts/privateLinkResources", + "Microsoft.CognitiveServices/accounts/privateEndpointConnections", + "Microsoft.CognitiveServices/accounts/privateEndpointConnectionProxies", + "Microsoft.CognitiveServices/deletedAccounts", + "Microsoft.CognitiveServices/locations/resourceGroups", + "Microsoft.CognitiveServices/locations/resourceGroups/deletedAccounts", + "Microsoft.CognitiveServices/locations/commitmentTiers", + "Microsoft.CognitiveServices/locations/models", + "Microsoft.CognitiveServices/locations/usages", + "Microsoft.CognitiveServices/locations/raiContentFilters", + "Microsoft.CognitiveServices/locations/notifyNetworkSecurityPerimeterUpdatesAvailable", + "Microsoft.CognitiveServices/accounts/networkSecurityPerimeterAssociationProxies", + "Microsoft.CognitiveServices/accounts/encryptionScopes", + "Microsoft.CognitiveServices/commitmentPlans", + "Microsoft.CognitiveServices/attestations", + "Microsoft.CognitiveServices/attestationDefinitions", + "Microsoft.Media/mediaservices", + 
"Microsoft.Media/mediaservices/assets", + "Microsoft.Media/mediaservices/assets/tracks", + "Microsoft.Media/mediaservices/assets/tracks/operationstatuses", + "Microsoft.Media/mediaservices/assets/tracks/operationResults", + "Microsoft.Media/mediaservices/contentKeyPolicies", + "Microsoft.Media/mediaservices/streamingLocators", + "Microsoft.Media/mediaservices/streamingPolicies", + "Microsoft.Media/mediaservices/eventGridFilters", + "Microsoft.Media/mediaservices/transforms", + "Microsoft.Media/mediaservices/transforms/jobs", + "Microsoft.Media/mediaservices/streamingEndpoints", + "Microsoft.Media/mediaservices/liveEvents", + "Microsoft.Media/mediaservices/liveEvents/liveOutputs", + "Microsoft.Media/mediaservices/streamingEndpointOperations", + "Microsoft.Media/mediaservices/liveEventOperations", + "Microsoft.Media/mediaservices/liveOutputOperations", + "Microsoft.Media/mediaservices/streamingendpoints/operationlocations", + "Microsoft.Media/mediaservices/liveevents/operationlocations", + "Microsoft.Media/mediaservices/liveevents/liveoutputs/operationlocations", + "Microsoft.Media/mediaservices/privateEndpointConnectionProxies", + "Microsoft.Media/mediaservices/privateEndpointConnections", + "Microsoft.Media/mediaservices/privateEndpointConnectionOperations", + "Microsoft.Media/locations/mediaServicesOperationStatuses", + "Microsoft.Media/locations/mediaServicesOperationResults", + "Microsoft.Media/mediaservices/assets/assetFilters", + "Microsoft.Media/mediaservices/accountFilters", + "Microsoft.Media/operations", + "Microsoft.Media/checknameavailability", + "Microsoft.Media/locations", + "Microsoft.Media/locations/checkNameAvailability", + "Microsoft.Web/publishingUsers", + "Microsoft.Web/ishostnameavailable", + "Microsoft.Web/validate", + "Microsoft.Web/isusernameavailable", + "Microsoft.Web/generateGithubAccessTokenForAppserviceCLI", + "Microsoft.Web/sourceControls", + "Microsoft.Web/availableStacks", + "Microsoft.Web/webAppStacks", + 
"Microsoft.Web/locations/webAppStacks", + "Microsoft.Web/functionAppStacks", + "Microsoft.Web/locations/functionAppStacks", + "Microsoft.Web/staticSites", + "Microsoft.Web/locations/previewStaticSiteWorkflowFile", + "Microsoft.Web/staticSites/userProvidedFunctionApps", + "Microsoft.Web/staticSites/linkedBackends", + "Microsoft.Web/staticSites/builds/linkedBackends", + "Microsoft.Web/staticSites/databaseConnections", + "Microsoft.Web/staticSites/builds/databaseConnections", + "Microsoft.Web/staticSites/builds", + "Microsoft.Web/staticSites/builds/userProvidedFunctionApps", + "Microsoft.Web/listSitesAssignedToHostName", + "Microsoft.Web/locations/getNetworkPolicies", + "Microsoft.Web/locations/operations", + "Microsoft.Web/locations/operationResults", + "Microsoft.Web/sites/networkConfig", + "Microsoft.Web/sites/slots/networkConfig", + "Microsoft.Web/sites/hostNameBindings", + "Microsoft.Web/sites/slots/hostNameBindings", + "Microsoft.Web/operations", + "Microsoft.Web/certificates", + "Microsoft.Web/serverFarms", + "Microsoft.Web/sites", + "Microsoft.Web/sites/slots", + "Microsoft.Web/runtimes", + "Microsoft.Web/recommendations", + "Microsoft.Web/resourceHealthMetadata", + "Microsoft.Web/aseregions", + "Microsoft.Web/georegions", + "Microsoft.Web/sites/premieraddons", + "Microsoft.Web/hostingEnvironments", + "Microsoft.Web/hostingEnvironments/multiRolePools", + "Microsoft.Web/hostingEnvironments/workerPools", + "Microsoft.Web/kubeEnvironments", + "Microsoft.Web/deploymentLocations", + "Microsoft.Web/deletedSites", + "Microsoft.Web/locations/deletedSites", + "Microsoft.Web/ishostingenvironmentnameavailable", + "Microsoft.Web/locations/deleteVirtualNetworkOrSubnets", + "Microsoft.Web/locations/validateDeleteVirtualNetworkOrSubnets", + "Microsoft.Web/connections", + "Microsoft.Web/customApis", + "Microsoft.Web/locations", + "Microsoft.Web/locations/listWsdlInterfaces", + "Microsoft.Web/locations/extractApiDefinitionFromWsdl", + "Microsoft.Web/locations/managedApis", + 
"Microsoft.Web/locations/runtimes", + "Microsoft.Web/locations/apiOperations", + "Microsoft.Web/connectionGateways", + "Microsoft.Web/locations/connectionGatewayInstallations", + "Microsoft.Web/checkNameAvailability", + "Microsoft.Web/billingMeters", + "Microsoft.Web/verifyHostingEnvironmentVnet", + "Microsoft.Web/serverFarms/eventGridFilters", + "Microsoft.Web/sites/eventGridFilters", + "Microsoft.Web/sites/slots/eventGridFilters", + "Microsoft.Web/hostingEnvironments/eventGridFilters", + "Microsoft.Web/serverFarms/firstPartyApps", + "Microsoft.Web/serverFarms/firstPartyApps/keyVaultSettings", + "Microsoft.Web/containerApps", + "Microsoft.Web/customhostnameSites", + "Microsoft.Web/locations/usages", + "Microsoft.Search/searchServices", + "Microsoft.Search/checkServiceNameAvailability", + "Microsoft.Search/checkNameAvailability", + "Microsoft.Search/resourceHealthMetadata", + "Microsoft.Search/operations", + "Microsoft.Search/locations", + "Microsoft.Search/locations/notifyNetworkSecurityPerimeterUpdatesAvailable", + "Microsoft.Search/locations/usages", + "Microsoft.Search/locations/operationResults", + "Microsoft.DataLakeStore/accounts", + "Microsoft.DataLakeStore/accounts/firewallRules", + "Microsoft.DataLakeStore/accounts/eventGridFilters", + "Microsoft.DataLakeStore/locations", + "Microsoft.DataLakeStore/locations/operationresults", + "Microsoft.DataLakeStore/locations/checkNameAvailability", + "Microsoft.DataLakeStore/locations/capability", + "Microsoft.DataLakeStore/locations/usages", + "Microsoft.DataLakeStore/locations/deleteVirtualNetworkOrSubnets", + "Microsoft.DataLakeStore/operations", + "Microsoft.DataMigration/locations", + "Microsoft.DataMigration/services", + "Microsoft.DataMigration/services/projects", + "Microsoft.DataMigration/locations/operationResults", + "Microsoft.DataMigration/locations/operationStatuses", + "Microsoft.DataMigration/locations/checkNameAvailability", + "Microsoft.DataMigration/operations", + 
"Microsoft.DataMigration/migrationServices", + "Microsoft.DataMigration/SqlMigrationServices", + "Microsoft.DataMigration/DatabaseMigrations", + "Microsoft.DataMigration/Locations/OperationTypes", + "Microsoft.DataMigration/locations/migrationServiceOperationResults", + "Microsoft.DataMigration/Locations/sqlMigrationServiceOperationResults", + "Microsoft.Kusto/clusters", + "Microsoft.Kusto/clusters/databases", + "Microsoft.Kusto/clusters/attacheddatabaseconfigurations", + "Microsoft.Kusto/clusters/principalassignments", + "Microsoft.Kusto/clusters/databases/eventhubconnections", + "Microsoft.Kusto/clusters/databases/dataconnections", + "Microsoft.Kusto/clusters/databases/principalassignments", + "Microsoft.Kusto/locations/operationResults", + "Microsoft.Kusto/locations", + "Microsoft.Kusto/locations/checkNameAvailability", + "Microsoft.Kusto/locations/skus", + "Microsoft.Kusto/operations", + "Microsoft.Kusto/clusters/databases/scripts", + "Microsoft.Kusto/clusters/managedPrivateEndpoints", + "Microsoft.Kusto/clusters/sandboxCustomImages", + "Microsoft.ApiManagement/service", + "Microsoft.ApiManagement/deletedServices", + "Microsoft.ApiManagement/locations", + "Microsoft.ApiManagement/locations/deletedServices", + "Microsoft.ApiManagement/validateServiceName", + "Microsoft.ApiManagement/checkServiceNameAvailability", + "Microsoft.ApiManagement/checkNameAvailability", + "Microsoft.ApiManagement/reportFeedback", + "Microsoft.ApiManagement/checkFeedbackRequired", + "Microsoft.ApiManagement/operations", + "Microsoft.ApiManagement/getDomainOwnershipIdentifier", + "Microsoft.ApiManagement/service/eventGridFilters", + "Microsoft.MixedReality/locations", + "Microsoft.MixedReality/locations/checkNameAvailability", + "Microsoft.MixedReality/operations", + "Microsoft.MixedReality/spatialAnchorsAccounts", + "Microsoft.MixedReality/remoteRenderingAccounts", + "Microsoft.MixedReality/objectAnchorsAccounts", + "Microsoft.Maps/accounts", + "Microsoft.Maps/accounts/creators", + 
"Microsoft.Maps/accounts/eventGridFilters", + "Microsoft.Maps/operations", + "Microsoft.AVS/locations", + "Microsoft.AVS/locations/checkQuotaAvailability", + "Microsoft.AVS/locations/checkTrialAvailability", + "Microsoft.AVS/locations/usages", + "Microsoft.AVS/operations", + "Microsoft.AVS/privateClouds", + "Microsoft.AVS/privateClouds/addons", + "Microsoft.AVS/privateClouds/authorizations", + "Microsoft.AVS/privateClouds/cloudLinks", + "Microsoft.AVS/privateClouds/clusters", + "Microsoft.AVS/privateClouds/clusters/datastores", + "Microsoft.AVS/privateClouds/clusters/placementPolicies", + "Microsoft.AVS/privateClouds/clusters/virtualMachines", + "Microsoft.AVS/privateClouds/eventGridFilters", + "Microsoft.AVS/privateClouds/globalReachConnections", + "Microsoft.AVS/privateClouds/hcxEnterpriseSites", + "Microsoft.AVS/privateClouds/scriptExecutions", + "Microsoft.AVS/privateClouds/scriptPackages", + "Microsoft.AVS/privateClouds/scriptPackages/scriptCmdlets", + "Microsoft.AVS/privateClouds/workloadNetworks", + "Microsoft.AVS/privateClouds/workloadNetworks/dhcpConfigurations", + "Microsoft.AVS/privateClouds/workloadNetworks/dnsServices", + "Microsoft.AVS/privateClouds/workloadNetworks/dnsZones", + "Microsoft.AVS/privateClouds/workloadNetworks/gateways", + "Microsoft.AVS/privateClouds/workloadNetworks/portMirroringProfiles", + "Microsoft.AVS/privateClouds/workloadNetworks/publicIPs", + "Microsoft.AVS/privateClouds/workloadNetworks/segments", + "Microsoft.AVS/privateClouds/workloadNetworks/virtualMachines", + "Microsoft.AVS/privateClouds/workloadNetworks/vmGroups", + "Microsoft.Blueprint/blueprints", + "Microsoft.Blueprint/blueprints/artifacts", + "Microsoft.Blueprint/blueprints/versions", + "Microsoft.Blueprint/blueprints/versions/artifacts", + "Microsoft.Blueprint/blueprintAssignments", + "Microsoft.Blueprint/blueprintAssignments/operations", + "Microsoft.Blueprint/blueprintAssignments/assignmentOperations", + "Microsoft.Blueprint/operations", + 
"Microsoft.HealthcareApis/services", + "Microsoft.HealthcareApis/services/privateEndpointConnectionProxies", + "Microsoft.HealthcareApis/services/privateEndpointConnections", + "Microsoft.HealthcareApis/services/privateLinkResources", + "Microsoft.HealthcareApis/services/iomtconnectors", + "Microsoft.HealthcareApis/services/iomtconnectors/connections", + "Microsoft.HealthcareApis/services/iomtconnectors/mappings", + "Microsoft.HealthcareApis/workspaces", + "Microsoft.HealthcareApis/workspaces/privateEndpointConnectionProxies", + "Microsoft.HealthcareApis/workspaces/privateEndpointConnections", + "Microsoft.HealthcareApis/workspaces/privateLinkResources", + "Microsoft.HealthcareApis/workspaces/dicomservices", + "Microsoft.HealthcareApis/workspaces/iotconnectors", + "Microsoft.HealthcareApis/workspaces/iotconnectors/fhirdestinations", + "Microsoft.HealthcareApis/workspaces/fhirservices", + "Microsoft.HealthcareApis/workspaces/eventGridFilters", + "Microsoft.HealthcareApis/locations", + "Microsoft.HealthcareApis/locations/operationresults", + "Microsoft.HealthcareApis/checkNameAvailability", + "Microsoft.HealthcareApis/operations", + "Microsoft.HealthcareApis/validateMedtechMappings", + "Microsoft.Advisor/suppressions", + "Microsoft.Advisor/configurations", + "Microsoft.Advisor/metadata", + "Microsoft.Advisor/recommendations", + "Microsoft.Advisor/generateRecommendations", + "Microsoft.Advisor/operations", + "Microsoft.Advisor/advisorScore", + "Microsoft.Advisor/predict", + "Microsoft.MarketplaceNotifications/reviewsnotifications", + "Microsoft.MarketplaceNotifications/operations", + "Microsoft.ServiceLinker/locations", + "Microsoft.ServiceLinker/locations/operationStatuses", + "Microsoft.ServiceLinker/operations", + "Microsoft.ServiceLinker/linkers", + "Microsoft.ServiceLinker/dryruns", + "Microsoft.ServiceLinker/locations/connectors", + "Microsoft.ServiceLinker/locations/dryruns", + "Microsoft.ServiceLinker/configurationNames", + 
"Microsoft.ServiceLinker/daprConfigurations", + "Microsoft.DataProtection/BackupVaults", + "Microsoft.DataProtection/ResourceGuards", + "Microsoft.DataProtection/operations", + "Microsoft.DataProtection/locations", + "Microsoft.DataProtection/locations/operationResults", + "Microsoft.DataProtection/locations/operationStatus", + "Microsoft.DataProtection/locations/checkNameAvailability", + "Microsoft.DataProtection/locations/checkFeatureSupport", + "Microsoft.DataProtection/backupInstances", + "Microsoft.DataProtection/locations/fetchSecondaryRecoveryPoints", + "Microsoft.DataProtection/locations/fetchCrossRegionRestoreJobs", + "Microsoft.DataProtection/locations/fetchCrossRegionRestoreJob", + "Microsoft.DataProtection/locations/validateCrossRegionRestore", + "Microsoft.DataProtection/locations/crossRegionRestore", + "Microsoft.Consumption/Forecasts", + "Microsoft.Consumption/AggregatedCost", + "Microsoft.Consumption/tenants", + "Microsoft.Consumption/ReservationRecommendations", + "Microsoft.Consumption/ReservationRecommendationDetails", + "Microsoft.Consumption/ReservationSummaries", + "Microsoft.Consumption/ReservationTransactions", + "Microsoft.Consumption/Balances", + "Microsoft.Consumption/Marketplaces", + "Microsoft.Consumption/Pricesheets", + "Microsoft.Consumption/ReservationDetails", + "Microsoft.Consumption/Budgets", + "Microsoft.Consumption/CostTags", + "Microsoft.Consumption/Tags", + "Microsoft.Consumption/Terms", + "Microsoft.Consumption/UsageDetails", + "Microsoft.Consumption/Charges", + "Microsoft.Consumption/credits", + "Microsoft.Consumption/events", + "Microsoft.Consumption/lots", + "Microsoft.Consumption/products", + "Microsoft.Consumption/OperationStatus", + "Microsoft.Consumption/OperationResults", + "Microsoft.Consumption/Operations", + "Microsoft.GuestConfiguration/guestConfigurationAssignments", + "Microsoft.GuestConfiguration/operations", + "Astronomer.Astro/locations", + "Astronomer.Astro/operations", + "Astronomer.Astro/organizations", + 
"Astronomer.Astro/locations/operationStatuses", + "Dynatrace.Observability/operations", + "Dynatrace.Observability/registeredSubscriptions", + "Dynatrace.Observability/locations", + "Dynatrace.Observability/locations/operationStatuses", + "Dynatrace.Observability/monitors", + "Dynatrace.Observability/monitors/tagRules", + "Dynatrace.Observability/monitors/singleSignOnConfigurations", + "Dynatrace.Observability/checkNameAvailability", + "Dynatrace.Observability/getMarketplaceSaaSResourceDetails", + "GitHub.Network/Operations", + "GitHub.Network/networkSettings", + "GitHub.Network/registeredSubscriptions", + "Microsoft.AAD/DomainServices", + "Microsoft.AAD/DomainServices/oucontainer", + "Microsoft.AAD/locations", + "Microsoft.AAD/locations/operationresults", + "Microsoft.AAD/operations", + "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/operations", + "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticSettings", + "Microsoft.AadCustomSecurityAttributesDiagnosticSettings/diagnosticSettingsCategories", + "microsoft.aadiam/azureADMetrics", + "microsoft.aadiam/privateLinkForAzureAD", + "microsoft.aadiam/tenants", + "microsoft.aadiam/operations", + "microsoft.aadiam/diagnosticSettings", + "microsoft.aadiam/diagnosticSettingsCategories", + "Microsoft.Addons/supportProviders", + "Microsoft.Addons/operations", + "Microsoft.Addons/operationResults", + "Microsoft.ADHybridHealthService/services", + "Microsoft.ADHybridHealthService/addsservices", + "Microsoft.ADHybridHealthService/configuration", + "Microsoft.ADHybridHealthService/operations", + "Microsoft.ADHybridHealthService/agents", + "Microsoft.ADHybridHealthService/aadsupportcases", + "Microsoft.ADHybridHealthService/reports", + "Microsoft.ADHybridHealthService/servicehealthmetrics", + "Microsoft.ADHybridHealthService/logs", + "Microsoft.ADHybridHealthService/anonymousapiusers", + "Microsoft.AgFoodPlatform/operations", + "Microsoft.AgFoodPlatform/farmBeatsExtensionDefinitions", + 
"Microsoft.AgFoodPlatform/farmBeatsSolutionDefinitions", + "Microsoft.AgFoodPlatform/checkNameAvailability", + "Microsoft.AgFoodPlatform/locations", + "Microsoft.AksHybrid/locations", + "Microsoft.AnalysisServices/servers", + "Microsoft.AnalysisServices/locations", + "Microsoft.AnalysisServices/locations/checkNameAvailability", + "Microsoft.AnalysisServices/locations/operationresults", + "Microsoft.AnalysisServices/locations/operationstatuses", + "Microsoft.AnalysisServices/operations", + "Microsoft.AnyBuild/Locations", + "Microsoft.AnyBuild/Locations/OperationStatuses", + "Microsoft.AnyBuild/clusters", + "Microsoft.AnyBuild/Operations", + "Microsoft.ApiCenter/services", + "Microsoft.ApiCenter/operations", + "Microsoft.ApiCenter/services/eventGridFilters", + "Microsoft.ApiSecurity/Locations", + "Microsoft.ApiSecurity/Locations/OperationStatuses", + "Microsoft.ApiSecurity/Operations", + "Microsoft.ApiSecurity/apiCollections", + "Microsoft.ApiSecurity/apiCollections/apiCollectionDetails", + "Microsoft.ApiSecurity/apiCollectionsMeta", + "Microsoft.ApiSecurity/apiCollectionsMeta/apiCollectionMetaDetails", + "Microsoft.App/managedEnvironments", + "Microsoft.App/managedEnvironments/certificates", + "Microsoft.App/managedEnvironments/managedCertificates", + "Microsoft.App/containerApps", + "Microsoft.App/jobs", + "Microsoft.App/locations", + "Microsoft.App/locations/managedEnvironmentOperationResults", + "Microsoft.App/locations/managedEnvironmentOperationStatuses", + "Microsoft.App/locations/containerappOperationResults", + "Microsoft.App/locations/containerappOperationStatuses", + "Microsoft.App/locations/containerappsjobOperationResults", + "Microsoft.App/locations/containerappsjobOperationStatuses", + "Microsoft.App/locations/sourceControlOperationResults", + "Microsoft.App/locations/sourceControlOperationStatuses", + "Microsoft.App/locations/usages", + "Microsoft.App/operations", + "Microsoft.App/connectedEnvironments", + 
"Microsoft.App/connectedEnvironments/certificates", + "Microsoft.App/locations/connectedEnvironmentOperationResults", + "Microsoft.App/locations/connectedEnvironmentOperationStatuses", + "Microsoft.App/locations/managedCertificateOperationStatuses", + "Microsoft.App/locations/billingMeters", + "Microsoft.App/locations/availableManagedEnvironmentsWorkloadProfileTypes", + "Microsoft.App/getCustomDomainVerificationId", + "Microsoft.App/builders", + "Microsoft.App/builders/builds", + "Microsoft.App/locations/OperationResults", + "Microsoft.App/locations/OperationStatuses", + "Microsoft.App/managedEnvironments/dotNetComponents", + "Microsoft.App/managedEnvironments/javaComponents", + "Microsoft.App/managedEnvironments/daprComponents", + "Microsoft.AppAssessment/Locations", + "Microsoft.AppAssessment/operations", + "Microsoft.AppAssessment/Locations/OperationStatuses", + "Microsoft.AppAssessment/Locations/osVersions", + "Microsoft.AppComplianceAutomation/operations", + "Microsoft.AppComplianceAutomation/locations", + "Microsoft.AppComplianceAutomation/locations/operationStatuses", + "Microsoft.AppComplianceAutomation/reports", + "Microsoft.AppComplianceAutomation/reports/snapshots", + "Microsoft.AppComplianceAutomation/onboard", + "Microsoft.AppComplianceAutomation/triggerEvaluation", + "Microsoft.AppComplianceAutomation/reports/webhooks", + "Microsoft.AppComplianceAutomation/reports/evidences", + "Microsoft.AppComplianceAutomation/listInUseStorageAccounts", + "Microsoft.AppComplianceAutomation/checkNameAvailability", + "Microsoft.AppComplianceAutomation/getCollectionCount", + "Microsoft.AppComplianceAutomation/getOverviewStatus", + "Microsoft.AppComplianceAutomation/reports/scopingConfigurations", + "Microsoft.AppConfiguration/configurationStores", + "Microsoft.AppConfiguration/configurationStores/keyValues", + "Microsoft.AppConfiguration/configurationStores/eventGridFilters", + "Microsoft.AppConfiguration/checkNameAvailability", + 
"Microsoft.AppConfiguration/locations/checkNameAvailability", + "Microsoft.AppConfiguration/locations", + "Microsoft.AppConfiguration/locations/operationsStatus", + "Microsoft.AppConfiguration/operations", + "Microsoft.AppConfiguration/deletedConfigurationStores", + "Microsoft.AppConfiguration/locations/deletedConfigurationStores", + "Microsoft.AppConfiguration/configurationStores/replicas", + "Microsoft.AppConfiguration/configurationStores/snapshots", + "Microsoft.AppConfiguration/locations/notifyNetworkSecurityPerimeterUpdatesAvailable", + "Microsoft.AppSecurity/operationStatuses", + "Microsoft.ArcNetworking/locations", + "Microsoft.ArcNetworking/locations/operationStatuses", + "Microsoft.ArcNetworking/arcNwLoadBalancers", + "Microsoft.Attestation/attestationProviders", + "Microsoft.Attestation/defaultProviders", + "Microsoft.Attestation/locations", + "Microsoft.Attestation/locations/defaultProvider", + "Microsoft.Attestation/operations", + "Microsoft.Authorization/roleAssignmentScheduleRequests", + "Microsoft.Authorization/roleEligibilityScheduleRequests", + "Microsoft.Authorization/roleAssignmentSchedules", + "Microsoft.Authorization/roleEligibilitySchedules", + "Microsoft.Authorization/roleAssignmentScheduleInstances", + "Microsoft.Authorization/roleEligibilityScheduleInstances", + "Microsoft.Authorization/roleManagementPolicies", + "Microsoft.Authorization/roleManagementPolicyAssignments", + "Microsoft.Authorization/eligibleChildResources", + "Microsoft.Authorization/roleManagementAlerts", + "Microsoft.Authorization/roleManagementAlertConfigurations", + "Microsoft.Authorization/roleManagementAlertDefinitions", + "Microsoft.Authorization/roleManagementAlertOperations", + "Microsoft.Authorization/roleAssignments", + "Microsoft.Authorization/roleDefinitions", + "Microsoft.Authorization/classicAdministrators", + "Microsoft.Authorization/permissions", + "Microsoft.Authorization/denyAssignments", + "Microsoft.Authorization/locks", + 
"Microsoft.Authorization/operations", + "Microsoft.Authorization/policyDefinitions", + "Microsoft.Authorization/policyDefinitions/versions", + "Microsoft.Authorization/policySetDefinitions", + "Microsoft.Authorization/policySetDefinitions/versions", + "Microsoft.Authorization/policyAssignments", + "Microsoft.Authorization/policyExemptions", + "Microsoft.Authorization/listPolicyDefinitionVersions", + "Microsoft.Authorization/listPolicySetDefinitionVersions", + "Microsoft.Authorization/dataAliases", + "Microsoft.Authorization/dataPolicyManifests", + "Microsoft.Authorization/providerOperations", + "Microsoft.Authorization/elevateAccess", + "Microsoft.Authorization/checkAccess", + "Microsoft.Authorization/batchResourceCheckAccess", + "Microsoft.Authorization/findOrphanRoleAssignments", + "Microsoft.Authorization/roleAssignmentsUsageMetrics", + "Microsoft.Authorization/accessReviewScheduleDefinitions", + "Microsoft.Authorization/accessReviewScheduleSettings", + "Microsoft.Authorization/accessReviewHistoryDefinitions", + "Microsoft.Authorization/roleAssignmentApprovals", + "Microsoft.Authorization/privateLinkAssociations", + "Microsoft.Authorization/resourceManagementPrivateLinks", + "Microsoft.Authorization/EnablePrivateLinkNetworkAccess", + "Microsoft.Authorization/operationStatus", + "Microsoft.Authorization/diagnosticSettings", + "Microsoft.Authorization/diagnosticSettingsCategories", + "Microsoft.Automanage/configurationProfileAssignments", + "Microsoft.Automanage/configurationProfiles", + "Microsoft.Automanage/configurationProfiles/versions", + "Microsoft.Automanage/bestPractices", + "Microsoft.Automanage/bestPractices/versions", + "Microsoft.Automanage/operations", + "Microsoft.Automanage/servicePrincipals", + "Microsoft.AutonomousDevelopmentPlatform/operations", + "Microsoft.AutonomousDevelopmentPlatform/locations", + "Microsoft.AutonomousDevelopmentPlatform/locations/operationstatuses", + "Microsoft.AutonomousDevelopmentPlatform/checknameavailability", + 
"Microsoft.AutonomousDevelopmentPlatform/workspaces/eventgridfilters", + "Microsoft.AwsConnector/Locations", + "Microsoft.AwsConnector/Operations", + "Microsoft.AzureActiveDirectory/ciamDirectories", + "Microsoft.AzureActiveDirectory/guestUsages", + "Microsoft.AzureActiveDirectory/b2cDirectories", + "Microsoft.AzureActiveDirectory/checkNameAvailability", + "Microsoft.AzureActiveDirectory/operations", + "Microsoft.AzureActiveDirectory/b2ctenants", + "Microsoft.AzureActiveDirectory/operationStatuses", + "Microsoft.AzureArcData/Locations", + "Microsoft.AzureArcData/Locations/OperationStatuses", + "Microsoft.AzureArcData/DataControllers", + "Microsoft.AzureArcData/SqlManagedInstances", + "Microsoft.AzureArcData/PostgresInstances", + "Microsoft.AzureArcData/SqlServerInstances", + "Microsoft.AzureArcData/Operations", + "Microsoft.AzureArcData/DataControllers/ActiveDirectoryConnectors", + "Microsoft.AzureArcData/SqlServerInstances/Databases", + "Microsoft.AzureArcData/SqlManagedInstances/FailoverGroups", + "Microsoft.AzureArcData/SqlServerInstances/AvailabilityGroups", + "Microsoft.AzureFleet/locations", + "Microsoft.AzureLargeInstance/azureLargeInstances", + "Microsoft.AzureLargeInstance/azureLargeStorageInstances", + "Microsoft.AzureLargeInstance/locations", + "Microsoft.AzureLargeInstance/locations/operationsStatus", + "Microsoft.AzureLargeInstance/operations", + "Microsoft.AzurePercept/checkNameAvailability", + "Microsoft.AzurePercept/operations", + "Microsoft.AzurePlaywrightService/operations", + "Microsoft.AzurePlaywrightService/checkNameAvailability", + "Microsoft.AzurePlaywrightService/Locations", + "Microsoft.AzurePlaywrightService/Locations/OperationStatuses", + "Microsoft.AzurePlaywrightService/accounts", + "Microsoft.AzurePlaywrightService/registeredSubscriptions", + "Microsoft.AzurePlaywrightService/Locations/Quotas", + "Microsoft.AzureScan/scanningAccounts", + "Microsoft.AzureScan/locations", + "Microsoft.AzureScan/locations/OperationStatuses", + 
"Microsoft.AzureScan/Operations", + "Microsoft.AzureScan/checkNameAvailability", + "Microsoft.AzureSphere/catalogs", + "Microsoft.AzureSphere/catalogs/products", + "Microsoft.AzureSphere/catalogs/products/devicegroups", + "Microsoft.AzureSphere/locations", + "Microsoft.AzureSphere/catalogs/certificates", + "Microsoft.AzureSphere/catalogs/images", + "Microsoft.AzureSphere/operations", + "Microsoft.AzureSphere/locations/operationStatuses", + "Microsoft.AzureSphere/catalogs/products/devicegroups/devices", + "Microsoft.AzureSphere/catalogs/products/devicegroups/deployments", + "Microsoft.AzureStack/operations", + "Microsoft.AzureStack/registrations", + "Microsoft.AzureStack/registrations/products", + "Microsoft.AzureStack/registrations/customerSubscriptions", + "Microsoft.AzureStack/cloudManifestFiles", + "Microsoft.AzureStack/linkedSubscriptions", + "Microsoft.AzureStack/generateDeploymentLicense", + "Microsoft.AzureStackHCI/operations", + "Microsoft.AzureStackHCI/locations", + "Microsoft.AzureStackHCI/locations/operationstatuses", + "Microsoft.AzureStackHCI/galleryImages", + "Microsoft.AzureStackHCI/networkInterfaces", + "Microsoft.AzureStackHCI/virtualMachines", + "Microsoft.AzureStackHCI/virtualNetworks", + "Microsoft.AzureStackHCI/virtualHardDisks", + "Microsoft.AzureStackHCI/clusters", + "Microsoft.AzureStackHCI/clusters/arcSettings", + "Microsoft.AzureStackHCI/clusters/arcSettings/extensions", + "Microsoft.AzureStackHCI/virtualMachines/extensions", + "Microsoft.AzureStackHCI/virtualMachines/hybrididentitymetadata", + "Microsoft.AzureStackHCI/clusters/publishers", + "Microsoft.AzureStackHCI/clusters/offers", + "Microsoft.AzureStackHCI/clusters/publishers/offers", + "Microsoft.AzureStackHCI/clusters/publishers/offers/skus", + "Microsoft.AzureStackHCI/marketplaceGalleryImages", + "Microsoft.AzureStackHCI/storageContainers", + "Microsoft.AzureStackHCI/clusters/updates", + "Microsoft.AzureStackHCI/clusters/updates/updateRuns", + 
"Microsoft.AzureStackHCI/clusters/updateSummaries", + "Microsoft.AzureStackHCI/registeredSubscriptions", + "Microsoft.AzureStackHCI/virtualMachineInstances", + "Microsoft.AzureStackHCI/clusters/deploymentSettings", + "Microsoft.AzureStackHCI/edgeDevices", + "Microsoft.AzureStackHCI/logicalNetworks", + "Microsoft.AzureStackHCI/clusters/securitySettings", + "Microsoft.BackupSolutions/VMwareApplications", + "Microsoft.BackupSolutions/locations", + "Microsoft.BackupSolutions/locations/operationstatuses", + "Microsoft.BackupSolutions/operations", + "Microsoft.BareMetal/bareMetalConnections", + "Microsoft.BareMetal/operations", + "Microsoft.BareMetal/locations", + "Microsoft.BareMetal/locations/operationResults", + "Microsoft.BareMetal/utilization", + "Microsoft.BareMetalInfrastructure/bareMetalInstances", + "Microsoft.BareMetalInfrastructure/bareMetalStorageInstances", + "Microsoft.BareMetalInfrastructure/locations", + "Microsoft.BareMetalInfrastructure/locations/operationsStatus", + "Microsoft.BareMetalInfrastructure/operations", + "Microsoft.Batch/batchAccounts", + "Microsoft.Batch/batchAccounts/pools", + "Microsoft.Batch/batchAccounts/detectors", + "Microsoft.Batch/batchAccounts/certificates", + "Microsoft.Batch/batchAccounts/operationResults", + "Microsoft.Batch/batchAccounts/poolOperationResults", + "Microsoft.Batch/batchAccounts/certificateOperationResults", + "Microsoft.Batch/batchAccounts/privateEndpointConnectionProxyResults", + "Microsoft.Batch/batchAccounts/privateEndpointConnectionResults", + "Microsoft.Batch/operations", + "Microsoft.Batch/locations", + "Microsoft.Batch/locations/quotas", + "Microsoft.Batch/locations/checkNameAvailability", + "Microsoft.Batch/locations/accountOperationResults", + "Microsoft.Batch/locations/virtualMachineSkus", + "Microsoft.Batch/locations/cloudServiceSkus", + "Microsoft.Billing/billingPeriods", + "Microsoft.Billing/invoices", + "Microsoft.Billing/enrollmentAccounts", + "Microsoft.Billing/permissionRequests", + 
"Microsoft.Billing/billingAccounts/permissionRequests", + "Microsoft.Billing/billingAccounts/associatedTenants", + "Microsoft.Billing/billingRoleDefinitions", + "Microsoft.Billing/billingRoleAssignments", + "Microsoft.Billing/createBillingRoleAssignment", + "Microsoft.Billing/billingAccounts/createBillingRoleAssignment", + "Microsoft.Billing/billingAccounts/signAgreement", + "Microsoft.Billing/billingAccounts/previewAgreements", + "Microsoft.Billing/billingAccounts/billingProfiles/createBillingRoleAssignment", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/createBillingRoleAssignment", + "Microsoft.Billing/billingAccounts/customers/createBillingRoleAssignment", + "Microsoft.Billing/billingPermissions", + "Microsoft.Billing/billingAccounts/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/billingRoleAssignments", + "Microsoft.Billing/billingAccounts/billingPermissions", + "Microsoft.Billing/billingAccounts", + "Microsoft.Billing/billingAccounts/billingProfilesSummaries", + "Microsoft.Billing/billingAccounts/billingProfiles/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/billingProfiles/billingRoleAssignments", + "Microsoft.Billing/billingAccounts/billingProfiles/billingPermissions", + "Microsoft.Billing/billingAccounts/customers", + "Microsoft.Billing/billingAccounts/billingProfiles/customers", + "Microsoft.Billing/billingAccounts/billingProfiles/instructions", + "Microsoft.Billing/billingAccounts/customers/billingSubscriptions", + "Microsoft.Billing/billingAccounts/customers/products", + "Microsoft.Billing/billingAccounts/customers/transactions", + "Microsoft.Billing/billingAccounts/invoiceSections", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingRoleAssignments", + 
"Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingPermissions", + "Microsoft.Billing/billingAccounts/customers/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/customers/billingRoleAssignments", + "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingRoleAssignments", + "Microsoft.Billing/billingAccounts/customers/billingPermissions", + "Microsoft.Billing/billingAccounts/billingProfiles/customers/billingPermissions", + "Microsoft.Billing/billingAccounts/invoiceSections/elevate", + "Microsoft.Billing/billingAccounts/createInvoiceSectionOperations", + "Microsoft.Billing/billingAccounts/patchOperations", + "Microsoft.Billing/billingAccounts/invoiceSections/patchOperations", + "Microsoft.Billing/billingAccounts/invoiceSections/productMoveOperations", + "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptionMoveOperations", + "Microsoft.Billing/billingAccounts/listInvoiceSectionsWithCreateSubscriptionPermission", + "Microsoft.Billing/billingAccounts/billingProfiles", + "Microsoft.Billing/billingAccounts/BillingProfiles/patchOperations", + "Microsoft.Billing/departments", + "Microsoft.Billing/billingAccounts/departments", + "Microsoft.Billing/billingAccounts/billingProfiles/departments", + "Microsoft.Billing/billingAccounts/notificationContacts", + "Microsoft.Billing/billingAccounts/billingProfiles/notificationContacts", + "Microsoft.Billing/billingAccounts/departments/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/departments/billingRoleAssignments", + "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingRoleAssignments", + "Microsoft.Billing/billingAccounts/departments/billingPermissions", + "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingPermissions", + 
"Microsoft.Billing/billingAccounts/enrollmentAccounts", + "Microsoft.Billing/billingAccounts/departments/enrollmentAccounts", + "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts", + "Microsoft.Billing/billingAccounts/billingProfiles/departments/enrollmentAccounts", + "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleDefinitions", + "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingRoleAssignments", + "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingPermissions", + "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingPermissions", + "Microsoft.Billing/billingAccounts/enrollmentAccounts/billingSubscriptions", + "Microsoft.Billing/billingAccounts/departments/billingSubscriptions", + "Microsoft.Billing/billingAccounts/billingProfiles/paymentMethods", + "Microsoft.Billing/billingAccounts/availableBalance", + "Microsoft.Billing/billingAccounts/billingProfiles/availableBalance", + "Microsoft.Billing/billingAccounts/invoices", + "Microsoft.Billing/billingAccounts/billingProfiles/invoices", + "Microsoft.Billing/billingAccounts/transactions", + "Microsoft.Billing/billingAccounts/billingProfiles/transactions", + "Microsoft.Billing/billingAccounts/invoiceSections/transactions", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/transactions", + "Microsoft.Billing/billingAccounts/billingProfiles/invoices/transactions", + "Microsoft.Billing/billingAccounts/invoices/transactions", + "Microsoft.Billing/billingAccounts/invoices/summary", + "Microsoft.Billing/billingAccounts/billingProfiles/validateDeleteBillingProfileEligibility", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/validateDeleteInvoiceSectionEligibility", + "Microsoft.Billing/billingAccounts/invoices/transactionSummary", + "Microsoft.Billing/billingAccounts/billingSubscriptions", + "Microsoft.Billing/billingAccounts/billingSubscriptionAliases", + 
"Microsoft.Billing/billingAccounts/billingSubscriptions/invoices", + "Microsoft.Billing/billingAccounts/billingSubscriptions/policies", + "Microsoft.Billing/billingAccounts/billingProfiles/billingSubscriptions", + "Microsoft.Billing/billingAccounts/billingProfiles/departments/billingSubscriptions", + "Microsoft.Billing/billingAccounts/billingProfiles/enrollmentAccounts/billingSubscriptions", + "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptions", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/billingSubscriptions", + "Microsoft.Billing/billingAccounts/invoiceSections/products", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products", + "Microsoft.Billing/billingAccounts/invoiceSections/products/updateAutoRenew", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products/updateAutoRenew", + "Microsoft.Billing/billingAccounts/billingProfiles/products", + "Microsoft.Billing/billingAccounts/products", + "Microsoft.Billing/operations", + "Microsoft.Billing/billingAccounts/invoiceSections/initiateTransfer", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/initiateTransfer", + "Microsoft.Billing/billingAccounts/invoiceSections/transfers", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/transfers", + "Microsoft.Billing/transfers/acceptTransfer", + "Microsoft.Billing/transfers", + "Microsoft.Billing/transfers/declineTransfer", + "Microsoft.Billing/transfers/validateTransfer", + "Microsoft.Billing/billingAccounts/customers/initiateTransfer", + "Microsoft.Billing/billingAccounts/customers/transfers", + "Microsoft.Billing/billingAccounts/customers/transferSupportedAccounts", + "Microsoft.Billing/billingProperty", + "Microsoft.Billing/policies", + "Microsoft.Billing/billingAccounts/policies", + "Microsoft.Billing/billingAccounts/billingProfiles/policies", + "Microsoft.Billing/billingAccounts/customers/policies", + 
"Microsoft.Billing/billingAccounts/billingProfiles/invoices/pricesheet", + "Microsoft.Billing/billingAccounts/billingProfiles/pricesheet", + "Microsoft.Billing/billingAccounts/invoiceSections/billingSubscriptions/transfer", + "Microsoft.Billing/billingAccounts/invoiceSections/products/transfer", + "Microsoft.Billing/billingAccounts/billingProfiles/invoiceSections/products/transfer", + "Microsoft.Billing/billingAccounts/invoiceSections/productTransfersResults", + "Microsoft.Billing/billingAccounts/agreements", + "Microsoft.Billing/billingAccounts/lineOfCredit", + "Microsoft.Billing/billingAccounts/paymentMethods", + "Microsoft.Billing/paymentMethods", + "Microsoft.Billing/billingAccounts/billingProfiles/paymentMethodLinks", + "Microsoft.Billing/billingAccounts/payableOverage", + "Microsoft.Billing/billingAccounts/payNow", + "Microsoft.Billing/billingAccounts/reservationOrders", + "Microsoft.Billing/billingAccounts/reservationOrders/reservations", + "Microsoft.Billing/billingAccounts/reservations", + "Microsoft.Billing/billingAccounts/billingProfiles/reservations", + "Microsoft.Billing/billingAccounts/billingProfiles/validateDetachPaymentMethodEligibility", + "Microsoft.Billing/validateAddress", + "Microsoft.Billing/promotions", + "Microsoft.Billing/promotions/checkeligibility", + "Microsoft.Billing/billingAccounts/billingSubscriptions/elevateRole", + "Microsoft.Billing/billingAccounts/appliedReservationOrders", + "Microsoft.Billing/promotionalCredits", + "Microsoft.Billing/billingAccounts/promotionalCredits", + "Microsoft.Billing/billingAccounts/savingsPlanOrders/savingsPlans", + "Microsoft.Billing/billingAccounts/savingsPlanOrders", + "Microsoft.Billing/billingAccounts/savingsPlans", + "Microsoft.Billing/billingAccounts/alerts", + "Microsoft.Billing/billingAccounts/billingProfiles/alerts", + "Microsoft.Billing/billingAccounts/listProductRecommendations", + "Microsoft.Billing/billingAccounts/incentiveSchedules", + 
"Microsoft.Billing/billingAccounts/incentiveSchedules/milestones", + "Microsoft.Billing/operationStatus", + "Microsoft.Billing/transfers/operationStatus", + "Microsoft.Billing/operationResults", + "Microsoft.Billing/billingAccounts/operationResults", + "Microsoft.Billing/billingAccounts/billingProfiles/invoices/operationResults", + "Microsoft.Billing/billingAccounts/billingProfiles/pricesheetDownloadOperations", + "Microsoft.Billing/billingAccounts/billingSubscriptions/operationResults", + "Microsoft.Billing/billingAccounts/billingSubscriptions/invoices/operationResults", + "Microsoft.Billing/billingAccounts/enrollmentAccounts/activationStatus", + "Microsoft.Billing/billingAccounts/invoices/operationResults", + "Microsoft.Billing/promotionalCredits/operationResults", + "Microsoft.Billing/billingAccounts/addresses", + "Microsoft.BillingBenefits/savingsPlanOrders", + "Microsoft.BillingBenefits/savingsPlanOrders/savingsPlans", + "Microsoft.BillingBenefits/savingsPlanOrders/return", + "Microsoft.BillingBenefits/validate", + "Microsoft.BillingBenefits/calculateMigrationCost", + "Microsoft.BillingBenefits/operationResults", + "Microsoft.BillingBenefits/operations", + "Microsoft.BillingBenefits/savingsPlanOrderAliases", + "Microsoft.BillingBenefits/reservationOrderAliases", + "Microsoft.BillingBenefits/savingsPlans", + "Microsoft.BillingBenefits/incentiveSchedules", + "Microsoft.BillingBenefits/incentiveSchedules/milestones", + "Microsoft.BillingBenefits/maccs", + "Microsoft.BillingBenefits/maccs/contributors", + "Microsoft.BillingBenefits/listSellerResources", + "Microsoft.BillingBenefits/credits", + "Microsoft.Bing/locations", + "Microsoft.Bing/accounts/skus", + "Microsoft.Bing/accounts/usages", + "Microsoft.Bing/registeredSubscriptions", + "Microsoft.Bing/operations", + "Microsoft.Bing/locations/operationStatuses", + "Microsoft.Bing/accounts", + "Microsoft.BlockchainTokens/Operations", + "Microsoft.Capacity/resourceProviders", + 
"Microsoft.Capacity/resourceProviders/locations", + "Microsoft.Capacity/resourceProviders/locations/serviceLimits", + "Microsoft.Capacity/resourceProviders/locations/serviceLimitsRequests", + "Microsoft.Capacity/resources", + "Microsoft.Capacity/reservationOrders", + "Microsoft.Capacity/reservationOrders/reservations", + "Microsoft.Capacity/listbenefits", + "Microsoft.Capacity/reservations", + "Microsoft.Capacity/reservationOrders/reservations/revisions", + "Microsoft.Capacity/operations", + "Microsoft.Capacity/catalogs", + "Microsoft.Capacity/appliedReservations", + "Microsoft.Capacity/checkOffers", + "Microsoft.Capacity/checkScopes", + "Microsoft.Capacity/calculatePrice", + "Microsoft.Capacity/calculateExchange", + "Microsoft.Capacity/exchange", + "Microsoft.Capacity/reservationOrders/calculateRefund", + "Microsoft.Capacity/reservationOrders/return", + "Microsoft.Capacity/reservationOrders/split", + "Microsoft.Capacity/reservationOrders/merge", + "Microsoft.Capacity/reservationOrders/swap", + "Microsoft.Capacity/reservationOrders/changeDirectory", + "Microsoft.Capacity/validateReservationOrder", + "Microsoft.Capacity/reservationOrders/availableScopes", + "Microsoft.Capacity/reservationOrders/reservations/availableScopes", + "Microsoft.Capacity/commercialReservationOrders", + "Microsoft.Capacity/calculatePurchasePrice", + "Microsoft.Capacity/placePurchaseOrder", + "Microsoft.Capacity/checkPurchaseStatus", + "Microsoft.Capacity/ownReservations", + "Microsoft.Capacity/operationResults", + "Microsoft.Capacity/listSkus", + "Microsoft.Capacity/checkBenefitScopes", + "Microsoft.Carbon/carbonEmissionReports", + "Microsoft.Carbon/queryCarbonEmissionDataAvailableDateRange", + "Microsoft.Carbon/operations", + "Microsoft.CertificateRegistration/certificateOrders", + "Microsoft.CertificateRegistration/certificateOrders/certificates", + "Microsoft.CertificateRegistration/validateCertificateRegistrationInformation", + "Microsoft.CertificateRegistration/operations", + 
"Microsoft.Certify/operations", + "Microsoft.ChangeAnalysis/operations", + "Microsoft.ChangeAnalysis/resourceChanges", + "Microsoft.ChangeAnalysis/changes", + "Microsoft.ChangeAnalysis/changeSnapshots", + "Microsoft.ChangeAnalysis/computeChanges", + "Microsoft.Chaos/operations", + "Microsoft.Chaos/targets", + "Microsoft.Chaos/locations", + "Microsoft.Chaos/locations/targetTypes", + "Microsoft.Chaos/experiments", + "Microsoft.Chaos/locations/operationStatuses", + "Microsoft.Chaos/locations/operationResults", + "Microsoft.Chaos/privateAccesses", + "Microsoft.ClassicCompute/domainNames", + "Microsoft.ClassicCompute/domainNames/internalLoadBalancers", + "Microsoft.ClassicCompute/checkDomainNameAvailability", + "Microsoft.ClassicCompute/domainNames/slots", + "Microsoft.ClassicCompute/domainNames/slots/roles", + "Microsoft.ClassicCompute/domainNames/slots/roles/metricDefinitions", + "Microsoft.ClassicCompute/domainNames/slots/roles/metrics", + "Microsoft.ClassicCompute/virtualMachines", + "Microsoft.ClassicCompute/capabilities", + "Microsoft.ClassicCompute/domainNames/capabilities", + "Microsoft.ClassicCompute/domainNames/serviceCertificates", + "Microsoft.ClassicCompute/quotas", + "Microsoft.ClassicCompute/virtualMachines/diagnosticSettings", + "Microsoft.ClassicCompute/virtualMachines/metricDefinitions", + "Microsoft.ClassicCompute/virtualMachines/metrics", + "Microsoft.ClassicCompute/operations", + "Microsoft.ClassicCompute/resourceTypes", + "Microsoft.ClassicCompute/moveSubscriptionResources", + "Microsoft.ClassicCompute/validateSubscriptionMoveAvailability", + "Microsoft.ClassicCompute/operationStatuses", + "Microsoft.ClassicCompute/operatingSystems", + "Microsoft.ClassicCompute/operatingSystemFamilies", + "Microsoft.ClassicInfrastructureMigrate/classicInfrastructureResources", + "Microsoft.ClassicNetwork/virtualNetworks", + "Microsoft.ClassicNetwork/virtualNetworks/virtualNetworkPeerings", + 
"Microsoft.ClassicNetwork/virtualNetworks/remoteVirtualNetworkPeeringProxies", + "Microsoft.ClassicNetwork/reservedIps", + "Microsoft.ClassicNetwork/quotas", + "Microsoft.ClassicNetwork/gatewaySupportedDevices", + "Microsoft.ClassicNetwork/operations", + "Microsoft.ClassicNetwork/networkSecurityGroups", + "Microsoft.ClassicNetwork/capabilities", + "Microsoft.ClassicNetwork/expressRouteCrossConnections", + "Microsoft.ClassicNetwork/expressRouteCrossConnections/peerings", + "Microsoft.ClassicStorage/storageAccounts", + "Microsoft.ClassicStorage/quotas", + "Microsoft.ClassicStorage/checkStorageAccountAvailability", + "Microsoft.ClassicStorage/storageAccounts/services", + "Microsoft.ClassicStorage/storageAccounts/services/diagnosticSettings", + "Microsoft.ClassicStorage/storageAccounts/services/metricDefinitions", + "Microsoft.ClassicStorage/storageAccounts/services/metrics", + "Microsoft.ClassicStorage/storageAccounts/metricDefinitions", + "Microsoft.ClassicStorage/storageAccounts/metrics", + "Microsoft.ClassicStorage/capabilities", + "Microsoft.ClassicStorage/storageAccounts/blobServices", + "Microsoft.ClassicStorage/storageAccounts/tableServices", + "Microsoft.ClassicStorage/storageAccounts/fileServices", + "Microsoft.ClassicStorage/storageAccounts/queueServices", + "Microsoft.ClassicStorage/disks", + "Microsoft.ClassicStorage/images", + "Microsoft.ClassicStorage/vmImages", + "Microsoft.ClassicStorage/storageAccounts/vmImages", + "Microsoft.ClassicStorage/publicImages", + "Microsoft.ClassicStorage/osImages", + "Microsoft.ClassicStorage/osPlatformImages", + "Microsoft.ClassicStorage/operations", + "Microsoft.ClassicSubscription/operations", + "Microsoft.CleanRoom/Locations", + "Microsoft.CleanRoom/Operations", + "Microsoft.CleanRoom/Locations/OperationStatuses", + "Microsoft.CloudHealth/Locations", + "Microsoft.CloudHealth/Locations/operationstatuses", + "Microsoft.CloudHealth/Operations", + "Microsoft.CloudShell/operations", + "Microsoft.CloudTest/accounts", + 
"Microsoft.CloudTest/pools", + "Microsoft.CloudTest/hostedpools", + "Microsoft.CloudTest/images", + "Microsoft.CloudTest/operations", + "Microsoft.CloudTest/locations", + "Microsoft.CloudTest/locations/operations", + "Microsoft.CodeSigning/Locations", + "Microsoft.CodeSigning/Locations/OperationStatuses", + "Microsoft.CodeSigning/Operations", + "Microsoft.CodeSigning/checkNameAvailability", + "Microsoft.Commerce/UsageAggregates", + "Microsoft.Commerce/RateCard", + "Microsoft.Commerce/operations", + "Microsoft.Communication/Locations", + "Microsoft.Communication/CommunicationServices", + "Microsoft.Communication/CommunicationServices/eventGridFilters", + "Microsoft.Communication/operations", + "Microsoft.Communication/registeredSubscriptions", + "Microsoft.Communication/locations/operationStatuses", + "Microsoft.Communication/CheckNameAvailability", + "Microsoft.Communication/EmailServices", + "Microsoft.Communication/EmailServices/Domains", + "Microsoft.Communication/EmailServices/Domains/SenderUsernames", + "Microsoft.Community/communityTrainings", + "Microsoft.Community/Operations", + "Microsoft.Community/Locations", + "Microsoft.Community/Locations/OperationStatuses", + "Microsoft.ComputeSchedule/Locations", + "Microsoft.ConfidentialLedger/Locations", + "Microsoft.ConfidentialLedger/Ledgers", + "Microsoft.ConfidentialLedger/checkNameAvailability", + "Microsoft.ConfidentialLedger/Locations/operations", + "Microsoft.ConfidentialLedger/Locations/operationstatuses", + "Microsoft.ConfidentialLedger/ManagedCCFs", + "Microsoft.ConfidentialLedger/operations", + "Microsoft.Confluent/operations", + "Microsoft.Confluent/locations", + "Microsoft.Confluent/locations/OperationStatuses", + "Microsoft.Confluent/organizations", + "Microsoft.Confluent/checkNameAvailability", + "Microsoft.Confluent/agreements", + "Microsoft.Confluent/validations", + "Microsoft.Confluent/organizations/access", + "Microsoft.Confluent/organizations/access/deleteRoleBinding", + 
"Microsoft.Confluent/organizations/environments", + "Microsoft.Confluent/organizations/environments/clusters", + "Microsoft.Confluent/organizations/environments/schemaRegistryClusters", + "Microsoft.Confluent/organizations/environments/clusters/createAPIKey", + "Microsoft.Confluent/organizations/apiKeys", + "Microsoft.Confluent/organizations/listRegions", + "Microsoft.ConnectedCache/cacheNodes", + "Microsoft.ConnectedCache/enterpriseCustomers", + "Microsoft.ConnectedCache/Operations", + "Microsoft.ConnectedCache/locations", + "Microsoft.ConnectedCache/locations/operationstatuses", + "Microsoft.ConnectedCache/ispCustomers", + "Microsoft.ConnectedCache/ispCustomers/ispCacheNodes", + "Microsoft.ConnectedCache/enterpriseMccCustomers", + "Microsoft.ConnectedCache/enterpriseMccCustomers/enterpriseMccCacheNodes", + "Microsoft.ConnectedCache/registeredSubscriptions", + "Microsoft.ConnectedCredentials/locations", + "Microsoft.ConnectedCredentials/locations/operationstatuses", + "Microsoft.ConnectedCredentials/credentials", + "Microsoft.ConnectedCredentials/operations", + "microsoft.connectedopenstack/operations", + "microsoft.connectedopenstack/locations", + "microsoft.connectedopenstack/locations/operationStatuses", + "Microsoft.ConnectedVehicle/locations", + "Microsoft.ConnectedVehicle/operations", + "Microsoft.ConnectedVehicle/Locations/OperationStatuses", + "Microsoft.ConnectedVehicle/checkNameAvailability", + "Microsoft.ConnectedVehicle/registeredSubscriptions", + "Microsoft.ConnectedVMwarevSphere/locations", + "Microsoft.ConnectedVMwarevSphere/locations/operationstatuses", + "Microsoft.ConnectedVMwarevSphere/VCenters", + "Microsoft.ConnectedVMwarevSphere/resourcepools", + "Microsoft.ConnectedVMwarevSphere/virtualnetworks", + "Microsoft.ConnectedVMwarevSphere/virtualmachinetemplates", + "Microsoft.ConnectedVMwarevSphere/operations", + "Microsoft.ConnectedVMwarevSphere/virtualmachines", + "Microsoft.ConnectedVMwarevSphere/vcenters/inventoryitems", + 
"Microsoft.ConnectedVMwarevSphere/virtualmachines/hybrididentitymetadata", + "Microsoft.ConnectedVMwarevSphere/virtualmachines/extensions", + "Microsoft.ConnectedVMwarevSphere/virtualmachines/guestagents", + "Microsoft.ConnectedVMwarevSphere/clusters", + "Microsoft.ConnectedVMwarevSphere/datastores", + "Microsoft.ConnectedVMwarevSphere/hosts", + "Microsoft.ConnectedVMwarevSphere/virtualmachineinstances", + "Microsoft.CostManagement/Connectors", + "Microsoft.CostManagement/CloudConnectors", + "Microsoft.CostManagement/CheckConnectorEligibility", + "Microsoft.CostManagement/ExternalBillingAccounts", + "Microsoft.CostManagement/ExternalBillingAccounts/Dimensions", + "Microsoft.CostManagement/ExternalBillingAccounts/Query", + "Microsoft.CostManagement/ExternalSubscriptions/Dimensions", + "Microsoft.CostManagement/ExternalSubscriptions/Query", + "Microsoft.CostManagement/ExternalSubscriptions", + "Microsoft.CostManagement/Forecast", + "Microsoft.CostManagement/ExternalSubscriptions/Forecast", + "Microsoft.CostManagement/ExternalBillingAccounts/Forecast", + "Microsoft.CostManagement/Settings", + "Microsoft.CostManagement/operations", + "Microsoft.CostManagement/register", + "Microsoft.CostManagement/Query", + "Microsoft.CostManagement/Dimensions", + "Microsoft.CostManagement/Budgets", + "Microsoft.CostManagement/ExternalSubscriptions/Alerts", + "Microsoft.CostManagement/ExternalBillingAccounts/Alerts", + "Microsoft.CostManagement/Alerts", + "Microsoft.CostManagement/showbackRules", + "Microsoft.CostManagement/costAllocationRules", + "Microsoft.CostManagement/Exports", + "Microsoft.CostManagement/Reports", + "Microsoft.CostManagement/Reportconfigs", + "Microsoft.CostManagement/BillingAccounts", + "Microsoft.CostManagement/Departments", + "Microsoft.CostManagement/EnrollmentAccounts", + "Microsoft.CostManagement/Views", + "Microsoft.CostManagement/Publish", + "Microsoft.CostManagement/ScheduledActions", + "Microsoft.CostManagement/CheckNameAvailability", + 
"Microsoft.CostManagement/BenefitUtilizationSummaries", + "Microsoft.CostManagement/BenefitRecommendations", + "Microsoft.CostManagement/Insights", + "Microsoft.CostManagement/fetchPrices", + "Microsoft.CostManagement/fetchMicrosoftPrices", + "Microsoft.CostManagement/fetchMarketplacePrices", + "Microsoft.CostManagement/calculatePrice", + "Microsoft.CostManagement/CalculateCost", + "Microsoft.CostManagement/GenerateBenefitUtilizationSummariesReport", + "Microsoft.CostManagement/BenefitUtilizationSummariesOperationResults", + "Microsoft.CostManagement/GenerateReservationDetailsReport", + "Microsoft.CostManagement/ReservationDetailsOperationResults", + "Microsoft.CostManagement/GenerateDetailedCostReport", + "Microsoft.CostManagement/GenerateCostDetailsReport", + "Microsoft.CostManagement/CostDetailsOperationResults", + "Microsoft.CostManagement/OperationStatus", + "Microsoft.CostManagement/OperationResults", + "Microsoft.CostManagement/Pricesheets", + "Microsoft.CostManagement/MarkupRules", + "Microsoft.CostManagement/StartConversation", + "Microsoft.CostManagement/SendMessage", + "Microsoft.CostManagementExports/Operations", + "Microsoft.CustomerLockbox/operations", + "Microsoft.CustomerLockbox/TenantOptedIn", + "Microsoft.CustomerLockbox/EnableLockbox", + "Microsoft.CustomerLockbox/DisableLockbox", + "Microsoft.CustomerLockbox/requests", + "Microsoft.D365CustomerInsights/instances", + "Microsoft.D365CustomerInsights/operations", + "Microsoft.Dashboard/locations", + "Microsoft.Dashboard/checkNameAvailability", + "Microsoft.Dashboard/locations/operationStatuses", + "Microsoft.Dashboard/grafana", + "Microsoft.Dashboard/operations", + "Microsoft.Dashboard/grafana/privateEndpointConnections", + "Microsoft.Dashboard/grafana/privateLinkResources", + "Microsoft.Dashboard/locations/checkNameAvailability", + "Microsoft.Dashboard/grafana/managedPrivateEndpoints", + "Microsoft.DatabaseWatcher/locations", + "Microsoft.DatabaseWatcher/operations", + "Microsoft.DataBox/jobs", + 
"Microsoft.DataBox/locations", + "Microsoft.DataBox/locations/validateAddress", + "Microsoft.DataBox/locations/checkNameAvailability", + "Microsoft.DataBox/locations/operationresults", + "Microsoft.DataBox/operations", + "Microsoft.DataBox/locations/availableSkus", + "Microsoft.DataBox/locations/validateInputs", + "Microsoft.DataBox/locations/regionConfiguration", + "Microsoft.DataBox/jobs/eventGridFilters", + "Microsoft.DataBoxEdge/DataBoxEdgeDevices", + "Microsoft.DataBoxEdge/DataBoxEdgeDevices/checkNameAvailability", + "Microsoft.DataBoxEdge/operations", + "Microsoft.DataBoxEdge/availableSkus", + "Microsoft.DataCatalog/catalogs", + "Microsoft.DataCatalog/checkNameAvailability", + "Microsoft.DataCatalog/operations", + "Microsoft.DataCatalog/locations", + "Microsoft.DataCatalog/locations/jobs", + "Microsoft.Datadog/registeredSubscriptions", + "Microsoft.Datadog/locations", + "Microsoft.Datadog/locations/operationStatuses", + "Microsoft.Datadog/operations", + "Microsoft.Datadog/monitors", + "Microsoft.Datadog/monitors/tagRules", + "Microsoft.Datadog/monitors/listMonitoredResources", + "Microsoft.Datadog/monitors/listApiKeys", + "Microsoft.Datadog/monitors/getDefaultKey", + "Microsoft.Datadog/monitors/setDefaultKey", + "Microsoft.Datadog/monitors/singleSignOnConfigurations", + "Microsoft.Datadog/monitors/listHosts", + "Microsoft.Datadog/monitors/listLinkedResources", + "Microsoft.Datadog/monitors/refreshSetPasswordLink", + "Microsoft.Datadog/agreements", + "Microsoft.Datadog/monitors/monitoredSubscriptions", + "Microsoft.Datadog/subscriptionStatuses", + "Microsoft.DataFactory/factories", + "Microsoft.DataFactory/factories/integrationRuntimes", + "Microsoft.DataFactory/factories/privateEndpointConnectionProxies", + "Microsoft.DataFactory/CheckNameAvailability", + "Microsoft.DataFactory/operations", + "Microsoft.DataFactory/locations", + "Microsoft.DataFactory/locations/configureFactoryRepo", + "Microsoft.DataFactory/locations/getFeatureValue", + 
"Microsoft.DataReplication/replicationVaults", + "Microsoft.DataReplication/replicationFabrics", + "Microsoft.DataReplication/operations", + "Microsoft.DataShare/accounts", + "Microsoft.DataShare/accounts/shares", + "Microsoft.DataShare/accounts/shares/datasets", + "Microsoft.DataShare/accounts/shares/synchronizationSettings", + "Microsoft.DataShare/accounts/shares/invitations", + "Microsoft.DataShare/accounts/sharesubscriptions", + "Microsoft.DataShare/accounts/shares/providersharesubscriptions", + "Microsoft.DataShare/accounts/sharesubscriptions/datasetmappings", + "Microsoft.DataShare/accounts/sharesubscriptions/triggers", + "Microsoft.DataShare/accounts/sharesubscriptions/consumerSourceDataSets", + "Microsoft.DataShare/listinvitations", + "Microsoft.DataShare/locations", + "Microsoft.DataShare/locations/operationResults", + "Microsoft.DataShare/locations/registerEmail", + "Microsoft.DataShare/locations/activateEmail", + "Microsoft.DataShare/locations/rejectInvitation", + "Microsoft.DataShare/locations/consumerInvitations", + "Microsoft.DataShare/operations", + "Microsoft.DelegatedNetwork/operations", + "Microsoft.DevAI/Locations", + "Microsoft.DevAI/Locations/operationstatuses", + "Microsoft.DevAI/instances", + "Microsoft.DevAI/instances/experiments", + "Microsoft.DevAI/instances/sandboxes", + "Microsoft.DevAI/instances/sandboxes/experiments", + "Microsoft.DevAI/Operations", + "Microsoft.DevAI/registeredSubscriptions", + "Microsoft.DevCenter/operations", + "Microsoft.DevCenter/Locations", + "Microsoft.DevCenter/Locations/OperationStatuses", + "Microsoft.DevCenter/devcenters", + "Microsoft.DevCenter/devcenters/catalogs", + "Microsoft.DevCenter/devcenters/attachednetworks", + "Microsoft.DevCenter/devcenters/devboxdefinitions", + "Microsoft.DevCenter/devcenters/environmentTypes", + "Microsoft.DevCenter/devcenters/galleries", + "Microsoft.DevCenter/devcenters/galleries/images/versions", + "Microsoft.DevCenter/devcenters/galleries/images", + 
"Microsoft.DevCenter/devcenters/images", + "Microsoft.DevCenter/networkconnections", + "Microsoft.DevCenter/networkconnections/healthchecks", + "Microsoft.DevCenter/projects", + "Microsoft.DevCenter/projects/attachednetworks", + "Microsoft.DevCenter/projects/environmentTypes", + "Microsoft.DevCenter/projects/pools", + "Microsoft.DevCenter/projects/pools/schedules", + "Microsoft.DevCenter/projects/devboxdefinitions", + "Microsoft.DevCenter/projects/allowedEnvironmentTypes", + "Microsoft.DevCenter/checkNameAvailability", + "Microsoft.DevCenter/networkconnections/outboundNetworkDependenciesEndpoints", + "Microsoft.DevCenter/Locations/usages", + "Microsoft.DevCenter/devcenters/catalogs/devboxdefinitions", + "Microsoft.DevCenter/devcenters/catalogs/environmentDefinitions", + "Microsoft.DevCenter/devcenters/catalogs/tasks", + "Microsoft.DevCenter/checkScopedNameAvailability", + "Microsoft.DevelopmentWindows365/DevelopmentCloudPcDelegatedMsis", + "Microsoft.DevHub/operations", + "Microsoft.DevHub/workflows", + "Microsoft.DevHub/locations", + "Microsoft.DevHub/locations/githuboauth", + "Microsoft.DevHub/locations/generatePreviewArtifacts", + "Microsoft.DeviceRegistry/locations", + "Microsoft.DeviceRegistry/operations", + "Microsoft.DeviceRegistry/operationStatuses", + "Microsoft.DeviceRegistry/locations/operationStatuses", + "Microsoft.DeviceRegistry/assets", + "Microsoft.DeviceRegistry/assetEndpointProfiles", + "Microsoft.DeviceUpdate/locations", + "Microsoft.DeviceUpdate/locations/operationStatuses", + "Microsoft.DeviceUpdate/operations", + "Microsoft.DeviceUpdate/accounts", + "Microsoft.DeviceUpdate/accounts/instances", + "Microsoft.DeviceUpdate/checkNameAvailability", + "Microsoft.DeviceUpdate/registeredSubscriptions", + "Microsoft.DeviceUpdate/accounts/privateLinkResources", + "Microsoft.DeviceUpdate/accounts/privateEndpointConnections", + "Microsoft.DeviceUpdate/accounts/privateEndpointConnectionProxies", + "Microsoft.DigitalTwins/locations", + 
"Microsoft.DigitalTwins/locations/checkNameAvailability", + "Microsoft.DigitalTwins/digitalTwinsInstances", + "Microsoft.DigitalTwins/digitalTwinsInstances/operationResults", + "Microsoft.DigitalTwins/locations/operationResults", + "Microsoft.DigitalTwins/locations/operationsStatuses", + "Microsoft.DigitalTwins/digitalTwinsInstances/endpoints", + "Microsoft.DigitalTwins/digitalTwinsInstances/timeSeriesDatabaseConnections", + "Microsoft.DigitalTwins/operations", + "Microsoft.DomainRegistration/domains", + "Microsoft.DomainRegistration/domains/domainOwnershipIdentifiers", + "Microsoft.DomainRegistration/topLevelDomains", + "Microsoft.DomainRegistration/checkDomainAvailability", + "Microsoft.DomainRegistration/listDomainRecommendations", + "Microsoft.DomainRegistration/validateDomainRegistrationInformation", + "Microsoft.DomainRegistration/generateSsoRequest", + "Microsoft.DomainRegistration/operations", + "Microsoft.Easm/workspaces", + "Microsoft.Easm/workspaces/labels", + "Microsoft.Easm/operations", + "Microsoft.Easm/workspaces/tasks", + "Microsoft.EdgeManagement/locations", + "Microsoft.EdgeManagement/operations", + "Microsoft.EdgeMarketplace/operations", + "Microsoft.EdgeMarketplace/locations", + "Microsoft.EdgeMarketplace/locations/operationStatuses", + "Microsoft.EdgeMarketplace/publishers", + "Microsoft.EdgeMarketplace/offers", + "Microsoft.EdgeOrder/addresses", + "Microsoft.EdgeOrder/orderItems", + "Microsoft.EdgeOrder/orders", + "Microsoft.EdgeOrder/locations", + "Microsoft.EdgeOrder/locations/orders", + "Microsoft.EdgeOrder/listProductFamilies", + "Microsoft.EdgeOrder/listConfigurations", + "Microsoft.EdgeOrder/productFamiliesMetadata", + "Microsoft.EdgeOrder/locations/hciCatalog", + "Microsoft.EdgeOrder/locations/hciCatalog/vendors", + "Microsoft.EdgeOrder/locations/hciCatalog/platforms", + "Microsoft.EdgeOrder/locations/hciCatalog/projects", + "Microsoft.EdgeOrder/locations/hciFlightCatalog", + "Microsoft.EdgeOrder/locations/hciFlightCatalog/vendors", + 
"Microsoft.EdgeOrder/locations/hciFlightCatalog/platforms", + "Microsoft.EdgeOrder/locations/hciFlightCatalog/projects", + "Microsoft.EdgeOrder/operations", + "Microsoft.EdgeOrder/locations/operationresults", + "Microsoft.EdgeOrderPartner/operations", + "Microsoft.Elastic/operations", + "Microsoft.Elastic/locations", + "Microsoft.Elastic/locations/operationStatuses", + "Microsoft.Elastic/monitors", + "Microsoft.Elastic/monitors/tagRules", + "Microsoft.Elastic/checkNameAvailability", + "Microsoft.Elastic/elasticVersions", + "Microsoft.Elastic/getOrganizationApiKey", + "Microsoft.Elastic/getElasticOrganizationToAzureSubscriptionMapping", + "Microsoft.ElasticSan/elasticSans", + "Microsoft.ElasticSan/elasticSans/volumeGroups", + "Microsoft.ElasticSan/operations", + "Microsoft.ElasticSan/locations/asyncoperations", + "Microsoft.ElasticSan/locations", + "Microsoft.EnterpriseSupport/EnterpriseSupports", + "Microsoft.EnterpriseSupport/operationStatuses", + "Microsoft.EnterpriseSupport/validate", + "Microsoft.EnterpriseSupport/Operations", + "Microsoft.EntitlementManagement/Operations", + "Microsoft.Experimentation/Operations", + "Microsoft.ExtendedLocation/locations", + "Microsoft.ExtendedLocation/customLocations", + "Microsoft.ExtendedLocation/customLocations/enabledResourceTypes", + "Microsoft.ExtendedLocation/customLocations/resourceSyncRules", + "Microsoft.ExtendedLocation/locations/operationsstatus", + "Microsoft.ExtendedLocation/locations/operationresults", + "Microsoft.ExtendedLocation/operations", + "Microsoft.Fabric/capacities", + "Microsoft.Fabric/locations", + "Microsoft.Fabric/locations/checkNameAvailability", + "Microsoft.Fabric/locations/operationresults", + "Microsoft.Fabric/locations/operationstatuses", + "Microsoft.Fabric/operations", + "Microsoft.Falcon/namespaces", + "Microsoft.Features/features", + "Microsoft.Features/providers", + "Microsoft.Features/featureProviders", + "Microsoft.Features/subscriptionFeatureRegistrations", + 
"Microsoft.Features/featureProviderNamespaces", + "Microsoft.Features/featureConfigurations", + "Microsoft.Features/operations", + "Microsoft.FluidRelay/fluidRelayServers", + "Microsoft.FluidRelay/Operations", + "Microsoft.FluidRelay/fluidRelayServers/fluidRelayContainers", + "Microsoft.FluidRelay/Locations", + "Microsoft.FluidRelay/Locations/OperationStatuses", + "Microsoft.GraphServices/accounts", + "Microsoft.GraphServices/Operations", + "Microsoft.GraphServices/RegisteredSubscriptions", + "Microsoft.GraphServices/Locations", + "Microsoft.GraphServices/Locations/OperationStatuses", + "Microsoft.HanaOnAzure/hanaInstances", + "Microsoft.HanaOnAzure/locations/operationsStatus", + "Microsoft.HanaOnAzure/locations", + "Microsoft.HanaOnAzure/locations/operations", + "Microsoft.HanaOnAzure/operations", + "Microsoft.HardwareSecurityModules/cloudHsmClusters", + "Microsoft.HardwareSecurityModules/locations", + "Microsoft.HardwareSecurityModules/operations", + "Microsoft.HealthBot/Operations", + "Microsoft.HealthBot/Locations", + "Microsoft.HealthBot/Locations/OperationStatuses", + "Microsoft.HealthBot/healthBots", + "Microsoft.HealthDataAIServices/locations", + "Microsoft.HealthDataAIServices/locations/operationStatuses", + "Microsoft.HealthDataAIServices/Operations", + "Microsoft.HealthModel/Operations", + "Microsoft.Help/operations", + "Microsoft.Help/operationResults", + "Microsoft.Help/discoverySolutions", + "Microsoft.Help/discoverSolutions", + "Microsoft.Help/diagnostics", + "Microsoft.Help/checkNameAvailability", + "Microsoft.Help/solutions", + "Microsoft.Help/troubleshooters", + "Microsoft.Help/SelfHelp", + "Microsoft.HybridCloud/cloudConnectors", + "Microsoft.HybridCloud/cloudConnections", + "Microsoft.HybridCompute/machines", + "Microsoft.HybridCompute/machines/hybridIdentityMetadata", + "Microsoft.HybridCompute/machines/privateLinkScopes", + "Microsoft.HybridCompute/machines/extensions", + "Microsoft.HybridCompute/locations", + 
"Microsoft.HybridCompute/locations/publishers", + "Microsoft.HybridCompute/locations/publishers/extensionTypes", + "Microsoft.HybridCompute/locations/publishers/extensionTypes/versions", + "Microsoft.HybridCompute/locations/operationStatus", + "Microsoft.HybridCompute/locations/operationResults", + "Microsoft.HybridCompute/operations", + "Microsoft.HybridCompute/machines/assessPatches", + "Microsoft.HybridCompute/machines/installPatches", + "Microsoft.HybridCompute/locations/updateCenterOperationResults", + "Microsoft.HybridCompute/privateLinkScopes", + "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnections", + "Microsoft.HybridCompute/privateLinkScopes/privateEndpointConnectionProxies", + "Microsoft.HybridCompute/locations/privateLinkScopes", + "Microsoft.HybridCompute/osType", + "Microsoft.HybridCompute/osType/agentVersions", + "Microsoft.HybridCompute/osType/agentVersions/latest", + "Microsoft.HybridCompute/machines/runcommands", + "Microsoft.HybridCompute/machines/licenseProfiles", + "Microsoft.HybridCompute/licenses", + "Microsoft.HybridCompute/validateLicense", + "Microsoft.HybridCompute/networkConfigurations", + "Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterConfigurations", + "Microsoft.HybridCompute/privateLinkScopes/networkSecurityPerimeterAssociationProxies", + "Microsoft.HybridCompute/locations/notifyNetworkSecurityPerimeterUpdatesAvailable", + "Microsoft.HybridCompute/locations/notifyExtension", + "Microsoft.HybridConnectivity/endpoints", + "Microsoft.HybridConnectivity/Operations", + "Microsoft.HybridConnectivity/Locations", + "Microsoft.HybridConnectivity/Locations/OperationStatuses", + "Microsoft.HybridContainerService/Locations", + "Microsoft.HybridContainerService/Locations/operationStatuses", + "Microsoft.HybridContainerService/provisionedClusters", + "Microsoft.HybridContainerService/provisionedClusters/hybridIdentityMetadata", + "Microsoft.HybridContainerService/provisionedClusters/agentPools", + 
"Microsoft.HybridContainerService/virtualNetworks", + "Microsoft.HybridContainerService/Operations", + "Microsoft.HybridContainerService/provisionedClusters/upgradeProfiles", + "Microsoft.HybridContainerService/kubernetesVersions", + "Microsoft.HybridContainerService/skus", + "Microsoft.HybridContainerService/provisionedClusterInstances", + "Microsoft.HybridNetwork/Operations", + "Microsoft.HybridNetwork/Locations", + "Microsoft.HybridNetwork/Locations/OperationStatuses", + "Microsoft.HybridNetwork/devices", + "Microsoft.HybridNetwork/networkfunctions", + "Microsoft.HybridNetwork/networkFunctionVendors", + "Microsoft.HybridNetwork/networkFunctions/components", + "Microsoft.HybridNetwork/sites", + "Microsoft.HybridNetwork/siteNetworkServices", + "Microsoft.HybridNetwork/configurationGroupValues", + "Microsoft.HybridNetwork/publishers", + "Microsoft.HybridNetwork/publishers/networkFunctionDefinitionGroups", + "Microsoft.HybridNetwork/publishers/networkFunctionDefinitionGroups/networkFunctionDefinitionVersions", + "Microsoft.HybridNetwork/publishers/artifactStores", + "Microsoft.HybridNetwork/publishers/artifactStores/artifactManifests", + "Microsoft.HybridNetwork/publishers/artifactstores/artifacts", + "Microsoft.HybridNetwork/publishers/artifactstores/artifactversions", + "Microsoft.Impact/Operations", + "Microsoft.IntegrationSpaces/Spaces", + "Microsoft.IntegrationSpaces/Spaces/InfrastructureResources", + "Microsoft.IntegrationSpaces/Spaces/Applications", + "Microsoft.IntegrationSpaces/Spaces/applications/resources", + "Microsoft.IntegrationSpaces/Spaces/applications/BusinessProcesses", + "Microsoft.IntegrationSpaces/Spaces/applications/BusinessProcesses/versions", + "Microsoft.IntegrationSpaces/locations", + "Microsoft.IntegrationSpaces/locations/OperationStatuses", + "Microsoft.IntegrationSpaces/operations", + "Microsoft.IoTCentral/IoTApps", + "Microsoft.IoTCentral/checkNameAvailability", + "Microsoft.IoTCentral/checkSubdomainAvailability", + 
"Microsoft.IoTCentral/operations", + "Microsoft.IoTCentral/locations", + "Microsoft.IoTCentral/locations/operationResults", + "Microsoft.IoTCentral/appTemplates", + "Microsoft.IoTFirmwareDefense/operations", + "Microsoft.IoTFirmwareDefense/workspaces", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares/sbomComponents", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares/binaryHardeningResults", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoCertificates", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cryptoKeys", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares/passwordHashes", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares/cves", + "Microsoft.IoTFirmwareDefense/workspaces/firmwares/summaries", + "Microsoft.IoTFirmwareDefense/locations", + "Microsoft.IoTFirmwareDefense/locations/operationStatuses", + "Microsoft.IoTOperationsDataProcessor/locations", + "Microsoft.IoTOperationsDataProcessor/locations/operationStatuses", + "Microsoft.IoTOperationsDataProcessor/instances", + "Microsoft.IoTOperationsDataProcessor/instances/datasets", + "Microsoft.IoTOperationsDataProcessor/instances/pipelines", + "Microsoft.IoTOperationsDataProcessor/operations", + "Microsoft.IoTOperationsMQ/Locations", + "Microsoft.IoTOperationsMQ/Operations", + "Microsoft.IoTOperationsMQ/Locations/OperationStatuses", + "Microsoft.IoTOperationsMQ/mq", + "Microsoft.IoTOperationsMQ/mq/broker", + "Microsoft.IoTOperationsMQ/mq/broker/authentication", + "Microsoft.IoTOperationsMQ/mq/broker/authorization", + "Microsoft.IoTOperationsMQ/mq/broker/listener", + "Microsoft.IoTOperationsMQ/mq/dataLakeConnector", + "Microsoft.IoTOperationsMQ/mq/dataLakeConnector/topicMap", + "Microsoft.IoTOperationsMQ/mq/diagnosticService", + "Microsoft.IoTOperationsMQ/mq/kafkaConnector", + "Microsoft.IoTOperationsMQ/mq/kafkaConnector/topicMap", + "Microsoft.IoTOperationsMQ/mq/mqttBridgeConnector", + 
"Microsoft.IoTOperationsMQ/mq/mqttBridgeConnector/topicMap", + "Microsoft.IoTOperationsOrchestrator/locations", + "Microsoft.IoTOperationsOrchestrator/locations/operationStatuses", + "Microsoft.IoTOperationsOrchestrator/targets", + "Microsoft.IoTOperationsOrchestrator/solutions", + "Microsoft.IoTOperationsOrchestrator/instances", + "Microsoft.IoTOperationsOrchestrator/operations", + "Microsoft.IoTSecurity/Operations", + "Microsoft.IoTSecurity/defenderSettings", + "Microsoft.IoTSecurity/locations", + "Microsoft.IoTSecurity/locations/deviceGroups", + "Microsoft.IoTSecurity/locations/deviceGroups/devices", + "Microsoft.IoTSecurity/locations/endpoints", + "Microsoft.IoTSecurity/locations/deviceGroups/vulnerabilities", + "Microsoft.IoTSecurity/locations/deviceGroups/alerts", + "Microsoft.IoTSecurity/locations/deviceGroups/alerts/pcaps", + "Microsoft.IoTSecurity/locations/deviceGroups/alerts/learn", + "Microsoft.IoTSecurity/locations/deviceGroups/recommendations", + "Microsoft.IoTSecurity/locations/sites", + "Microsoft.IoTSecurity/locations/sites/sensors", + "Microsoft.IoTSecurity/sites", + "Microsoft.IoTSecurity/sensors", + "Microsoft.IoTSecurity/onPremiseSensors", + "Microsoft.IoTSecurity/alertTypes", + "Microsoft.IoTSecurity/recommendationTypes", + "Microsoft.IoTSecurity/licenseSkus", + "Microsoft.Kubernetes/connectedClusters", + "Microsoft.Kubernetes/locations", + "Microsoft.Kubernetes/locations/operationStatuses", + "Microsoft.Kubernetes/registeredSubscriptions", + "Microsoft.Kubernetes/Operations", + "Microsoft.KubernetesConfiguration/sourceControlConfigurations", + "Microsoft.KubernetesConfiguration/extensions", + "Microsoft.KubernetesConfiguration/fluxConfigurations", + "Microsoft.KubernetesConfiguration/operations", + "Microsoft.KubernetesConfiguration/extensionTypes", + "Microsoft.KubernetesConfiguration/locations/extensionTypes", + "Microsoft.KubernetesConfiguration/locations/extensionTypes/versions", + "Microsoft.KubernetesConfiguration/privateLinkScopes", + 
"Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnections", + "Microsoft.KubernetesConfiguration/privateLinkScopes/privateEndpointConnectionProxies", + "Microsoft.KubernetesRuntime/storageClasses", + "Microsoft.KubernetesRuntime/loadBalancers", + "Microsoft.KubernetesRuntime/bgpPeers", + "Microsoft.KubernetesRuntime/operations", + "Microsoft.KubernetesRuntime/locations", + "Microsoft.KubernetesRuntime/locations/operationStatuses", + "Microsoft.KubernetesRuntime/services", + "Microsoft.LabServices/labplans", + "Microsoft.LabServices/labs", + "Microsoft.LabServices/labaccounts", + "Microsoft.LabServices/locations/operationResults", + "Microsoft.LabServices/locations/operations", + "Microsoft.LabServices/operations", + "Microsoft.LabServices/users", + "Microsoft.LabServices/locations", + "Microsoft.LabServices/locations/usages", + "Microsoft.LoadTestService/operations", + "Microsoft.LoadTestService/checkNameAvailability", + "Microsoft.LoadTestService/loadtests", + "Microsoft.LoadTestService/Locations", + "Microsoft.LoadTestService/Locations/OperationStatuses", + "Microsoft.LoadTestService/registeredSubscriptions", + "Microsoft.LoadTestService/loadtests/outboundNetworkDependenciesEndpoints", + "Microsoft.LoadTestService/Locations/Quotas", + "Microsoft.Logz/operations", + "Microsoft.Logz/locations", + "Microsoft.Logz/registeredSubscriptions", + "Microsoft.Logz/locations/operationStatuses", + "Microsoft.Logz/monitors", + "Microsoft.Logz/monitors/tagRules", + "Microsoft.Logz/monitors/singleSignOnConfigurations", + "Microsoft.Logz/monitors/accounts", + "Microsoft.Logz/monitors/accounts/tagRules", + "Microsoft.MachineLearning/Workspaces", + "Microsoft.MachineLearning/webServices", + "Microsoft.MachineLearning/operations", + "Microsoft.MachineLearning/locations", + "Microsoft.MachineLearning/locations/operations", + "Microsoft.MachineLearning/locations/operationsStatus", + "Microsoft.MachineLearning/commitmentPlans", + 
"Microsoft.ManagedNetworkFabric/Operations", + "Microsoft.ManagedNetworkFabric/NetworkFabricControllers", + "Microsoft.ManagedNetworkFabric/Locations", + "Microsoft.ManagedNetworkFabric/Locations/OperationStatuses", + "Microsoft.ManagedNetworkFabric/NetworkFabrics", + "Microsoft.ManagedNetworkFabric/NetworkRacks", + "Microsoft.ManagedNetworkFabric/NetworkDevices", + "Microsoft.ManagedNetworkFabric/NetworkDevices/NetworkInterfaces", + "Microsoft.ManagedNetworkFabric/L2IsolationDomains", + "Microsoft.ManagedNetworkFabric/L3IsolationDomains", + "Microsoft.ManagedNetworkFabric/accesscontrollists", + "Microsoft.ManagedNetworkFabric/RoutePolicies", + "Microsoft.ManagedNetworkFabric/L3IsolationDomains/externalNetworks", + "Microsoft.ManagedNetworkFabric/L3IsolationDomains/internalNetworks", + "Microsoft.ManagedNetworkFabric/NetworkFabrics/NetworkToNetworkInterconnects", + "Microsoft.ManagedNetworkFabric/IpExtendedCommunities", + "Microsoft.ManagedNetworkFabric/IpCommunities", + "Microsoft.ManagedNetworkFabric/IpPrefixes", + "Microsoft.ManagedNetworkFabric/InternetGateways", + "Microsoft.ManagedNetworkFabric/internetgatewayrules", + "Microsoft.ManagedNetworkFabric/networkpacketbrokers", + "Microsoft.ManagedNetworkFabric/networktaps", + "Microsoft.ManagedNetworkFabric/networktaprules", + "Microsoft.ManagedNetworkFabric/neighborgroups", + "Microsoft.ManufacturingPlatform/locations", + "Microsoft.ManufacturingPlatform/operations", + "Microsoft.Marketplace/register", + "Microsoft.Marketplace/privategalleryitems", + "Microsoft.Marketplace/products", + "Microsoft.Marketplace/offers", + "Microsoft.Marketplace/macc", + "Microsoft.Marketplace/offerTypes", + "Microsoft.Marketplace/offerTypes/publishers", + "Microsoft.Marketplace/offerTypes/publishers/offers", + "Microsoft.Marketplace/offerTypes/publishers/offers/plans", + "Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs", + "Microsoft.Marketplace/offerTypes/publishers/offers/plans/configs/importImage", + 
"Microsoft.Marketplace/offerTypes/publishers/offers/plans/agreements", + "Microsoft.Marketplace/operations", + "Microsoft.Marketplace/listAvailableOffers", + "Microsoft.Marketplace/publishers", + "Microsoft.Marketplace/publishers/offers", + "Microsoft.Marketplace/publishers/offers/amendments", + "Microsoft.Marketplace/privateStoreClient", + "Microsoft.Marketplace/privateStores", + "Microsoft.Marketplace/privateStores/offers", + "Microsoft.Marketplace/search", + "Microsoft.Marketplace/privateStores/requestApprovals/query", + "Microsoft.Marketplace/privateStores/requestApprovals/withdrawPlan", + "Microsoft.Marketplace/privateStores/RequestApprovals", + "Microsoft.Marketplace/privateStores/queryNotificationsState", + "Microsoft.Marketplace/privateStores/fetchAllSubscriptionsInTenant", + "Microsoft.Marketplace/privateStores/listNewPlansNotifications", + "Microsoft.Marketplace/privateStores/listStopSellOffersPlansNotifications", + "Microsoft.Marketplace/privateStores/listSubscriptionsContext", + "Microsoft.Marketplace/privateStores/offers/acknowledgeNotification", + "Microsoft.Marketplace/privateStores/AdminRequestApprovals", + "Microsoft.Marketplace/privateStores/collections", + "Microsoft.Marketplace/privateStores/collections/approveAllItems", + "Microsoft.Marketplace/privateStores/collections/disableApproveAllItems", + "Microsoft.Marketplace/privateStores/collections/offers", + "Microsoft.Marketplace/privateStores/collections/mapOffersToContexts", + "Microsoft.Marketplace/privateStores/collections/queryRules", + "Microsoft.Marketplace/privateStores/collections/setRules", + "Microsoft.Marketplace/privateStores/collections/offers/upsertOfferWithMultiContext", + "Microsoft.Marketplace/privateStores/bulkCollectionsAction", + "Microsoft.Marketplace/privateStores/collections/transferOffers", + "Microsoft.Marketplace/privateStores/anyExistingOffersInTheCollections", + "Microsoft.Marketplace/privateStores/queryOffers", + "Microsoft.Marketplace/privateStores/queryUserOffers", 
+ "Microsoft.Marketplace/privateStores/queryUserRules", + "Microsoft.Marketplace/privateStores/collectionsToSubscriptionsMapping", + "Microsoft.Marketplace/privateStores/billingAccounts", + "Microsoft.Marketplace/privateStores/queryApprovedPlans", + "Microsoft.Marketplace/locations", + "Microsoft.Marketplace/locations/edgeZones", + "Microsoft.Marketplace/locations/edgeZones/products", + "Microsoft.Marketplace/mysolutions", + "Microsoft.Marketplace/products/reviews", + "Microsoft.Marketplace/products/reviews/comments", + "Microsoft.Marketplace/products/reviews/helpful", + "Microsoft.Marketplace/products/usermetadata", + "Microsoft.MarketplaceOrdering/agreements", + "Microsoft.MarketplaceOrdering/operations", + "Microsoft.MarketplaceOrdering/offertypes", + "Microsoft.Migrate/migrateprojects", + "Microsoft.Migrate/assessmentProjects", + "Microsoft.Migrate/moveCollections", + "Microsoft.Migrate/operations", + "Microsoft.Migrate/locations", + "Microsoft.Migrate/locations/rmsOperationResults", + "Microsoft.Migrate/modernizeProjects", + "Microsoft.Mission/Locations", + "Microsoft.Mission/Locations/OperationStatuses", + "Microsoft.Mission/Operations", + "Microsoft.Mission/virtualEnclaves/endpoints", + "Microsoft.Mission/checkNameAvailability", + "Microsoft.MobileNetwork/Locations", + "Microsoft.MobileNetwork/Locations/OperationStatuses", + "Microsoft.MobileNetwork/Operations", + "Microsoft.MobileNetwork/packetCoreControlPlaneVersions", + "Microsoft.MobilePacketCore/Locations", + "Microsoft.MobilePacketCore/Locations/OperationStatuses", + "Microsoft.MobilePacketCore/Operations", + "Microsoft.ModSimWorkbench/Locations/operationStatuses", + "Microsoft.ModSimWorkbench/Locations", + "Microsoft.ModSimWorkbench/Operations", + "Microsoft.Monitor/operations", + "Microsoft.Monitor/accounts", + "Microsoft.Monitor/locations/locationOperationStatuses", + "Microsoft.Monitor/locations/operationResults", + "Microsoft.Monitor/locations", + "Microsoft.Monitor/locations/operationStatuses", + 
"Microsoft.MySQLDiscovery/locations", + "Microsoft.MySQLDiscovery/locations/operationStatuses", + "Microsoft.MySQLDiscovery/MySQLSites", + "Microsoft.MySQLDiscovery/MySQLSites/MySQLServers", + "Microsoft.MySQLDiscovery/MySQLSites/Refresh", + "Microsoft.MySQLDiscovery/MySQLSites/Summaries", + "Microsoft.MySQLDiscovery/MySQLSites/ErrorSummaries", + "Microsoft.MySQLDiscovery/operations", + "Microsoft.NetApp/netAppAccounts", + "Microsoft.NetApp/netAppAccounts/snapshotPolicies", + "Microsoft.NetApp/netAppAccounts/volumeGroups", + "Microsoft.NetApp/netAppAccounts/capacityPools", + "Microsoft.NetApp/netAppAccounts/capacityPools/volumes", + "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/mountTargets", + "Microsoft.NetApp/netAppAccounts/capacityPools/volumes/snapshots", + "Microsoft.NetApp/locations", + "Microsoft.NetApp/locations/checkNameAvailability", + "Microsoft.NetApp/locations/checkFilePathAvailability", + "Microsoft.NetApp/operations", + "Microsoft.NetApp/locations/checkQuotaAvailability", + "Microsoft.NetApp/locations/queryNetworkSiblingSet", + "Microsoft.NetApp/locations/updateNetworkSiblingSet", + "Microsoft.NetApp/locations/regionInfo", + "Microsoft.NetApp/locations/regionInfos", + "Microsoft.NetApp/locations/QuotaLimits", + "Microsoft.NetApp/locations/CheckInventory", + "Microsoft.NetApp/locations/operationResults", + "Microsoft.NetworkAnalytics/Locations", + "Microsoft.NetworkAnalytics/Locations/OperationStatuses", + "Microsoft.NetworkAnalytics/Operations", + "Microsoft.NetworkAnalytics/registeredSubscriptions", + "Microsoft.NetworkCloud/locations", + "Microsoft.NetworkCloud/locations/operationStatuses", + "Microsoft.NetworkCloud/clusterManagers", + "Microsoft.NetworkCloud/racks", + "Microsoft.NetworkCloud/clusters", + "Microsoft.NetworkCloud/bareMetalMachines", + "Microsoft.NetworkCloud/virtualMachines", + "Microsoft.NetworkCloud/operations", + "Microsoft.NetworkCloud/rackSkus", + "Microsoft.NetworkCloud/cloudServicesNetworks", + 
"Microsoft.NetworkCloud/l2Networks", + "Microsoft.NetworkCloud/storageAppliances", + "Microsoft.NetworkCloud/trunkedNetworks", + "Microsoft.NetworkCloud/l3Networks", + "Microsoft.NetworkCloud/clusters/metricsConfigurations", + "Microsoft.NetworkCloud/virtualMachines/consoles", + "Microsoft.NetworkCloud/clusters/bareMetalMachineKeySets", + "Microsoft.NetworkCloud/clusters/bmcKeySets", + "Microsoft.NetworkCloud/volumes", + "Microsoft.NetworkCloud/registeredSubscriptions", + "Microsoft.NetworkCloud/kubernetesClusters", + "Microsoft.NetworkCloud/kubernetesClusters/agentPools", + "Microsoft.NetworkFunction/azureTrafficCollectors", + "Microsoft.NetworkFunction/azureTrafficCollectors/collectorPolicies", + "Microsoft.NetworkFunction/meshVpns", + "Microsoft.NetworkFunction/meshVpns/connectionPolicies", + "Microsoft.NetworkFunction/meshVpns/privateEndpointConnections", + "Microsoft.NetworkFunction/meshVpns/privateEndpointConnectionProxies", + "Microsoft.NetworkFunction/operations", + "Microsoft.NetworkFunction/locations", + "Microsoft.NetworkFunction/locations/nfvOperations", + "Microsoft.NetworkFunction/locations/nfvOperationResults", + "Microsoft.Nutanix/operations", + "Microsoft.Nutanix/locations", + "Microsoft.ObjectStore/osNamespaces", + "Microsoft.OffAzure/VMwareSites", + "Microsoft.OffAzure/HyperVSites", + "Microsoft.OffAzure/ServerSites", + "Microsoft.OffAzure/ImportSites", + "Microsoft.OffAzure/MasterSites", + "Microsoft.OffAzure/locations", + "Microsoft.OffAzure/locations/operationResults", + "Microsoft.OffAzure/operations", + "Microsoft.OffAzureSpringBoot/locations", + "Microsoft.OffAzureSpringBoot/locations/operationStatuses", + "Microsoft.OffAzureSpringBoot/springbootsites", + "Microsoft.OffAzureSpringBoot/springbootsites/springbootservers", + "Microsoft.OffAzureSpringBoot/springbootsites/springbootapps", + "Microsoft.OffAzureSpringBoot/operations", + "Microsoft.OffAzureSpringBoot/springbootsites/summaries", + 
"Microsoft.OffAzureSpringBoot/springbootsites/errorsummaries", + "Microsoft.OpenEnergyPlatform/Locations", + "Microsoft.OpenEnergyPlatform/Locations/OperationStatuses", + "Microsoft.OpenEnergyPlatform/energyservices", + "Microsoft.OpenEnergyPlatform/checkNameAvailability", + "Microsoft.OpenEnergyPlatform/Operations", + "Microsoft.OpenEnergyPlatform/energyservices/privateEndpointConnections", + "Microsoft.OpenEnergyPlatform/energyservices/privateLinkResources", + "Microsoft.OpenEnergyPlatform/energyservices/privateEndpointConnectionProxies", + "Microsoft.OperatorVoicemail/Operations", + "Microsoft.OperatorVoicemail/Locations", + "Microsoft.OperatorVoicemail/Locations/OperationStatuses", + "Microsoft.OperatorVoicemail/Locations/checkNameAvailability", + "Microsoft.OracleDiscovery/locations", + "Microsoft.OracleDiscovery/locations/operationStatuses", + "Microsoft.OracleDiscovery/oraclesites", + "Microsoft.OracleDiscovery/oraclesites/oracleservers", + "Microsoft.OracleDiscovery/oraclesites/oracledatabases", + "Microsoft.OracleDiscovery/oraclesites/summaries", + "Microsoft.OracleDiscovery/oraclesites/errorSummaries", + "Microsoft.OracleDiscovery/operations", + "Microsoft.Orbital/availableGroundStations", + "Microsoft.Orbital/contactProfiles", + "Microsoft.Orbital/spacecrafts", + "Microsoft.Orbital/spacecrafts/contacts", + "Microsoft.Orbital/groundStations", + "Microsoft.Orbital/globalCommunicationsSites", + "Microsoft.Orbital/l2Connections", + "Microsoft.Orbital/edgeSites", + "Microsoft.Orbital/operations", + "Microsoft.Orbital/locations", + "Microsoft.Orbital/locations/operationResults", + "Microsoft.Orbital/locations/operationStatuses", + "Microsoft.PartnerManagedConsumerRecurrence/recurrences", + "Microsoft.PartnerManagedConsumerRecurrence/operations", + "Microsoft.PartnerManagedConsumerRecurrence/checkEligibility", + "Microsoft.PartnerManagedConsumerRecurrence/operationStatuses", + "Microsoft.Peering/peerings", + "Microsoft.Peering/peeringLocations", + 
"Microsoft.Peering/legacyPeerings", + "Microsoft.Peering/peerAsns", + "Microsoft.Peering/peeringServices", + "Microsoft.Peering/peeringServiceCountries", + "Microsoft.Peering/peeringServiceLocations", + "Microsoft.Peering/peeringServiceProviders", + "Microsoft.Peering/checkServiceProviderAvailability", + "Microsoft.Peering/lookingGlass", + "Microsoft.Peering/cdnPeeringPrefixes", + "Microsoft.Peering/operations", + "Microsoft.Pki/Operations", + "Microsoft.Portal/dashboards", + "Microsoft.Portal/tenantconfigurations", + "Microsoft.Portal/listTenantConfigurationViolations", + "Microsoft.Portal/operations", + "Microsoft.Portal/locations", + "Microsoft.Portal/consoles", + "Microsoft.Portal/locations/consoles", + "Microsoft.Portal/userSettings", + "Microsoft.Portal/locations/userSettings", + "Microsoft.PowerBI/workspaceCollections", + "Microsoft.PowerBI/locations", + "Microsoft.PowerBI/locations/checkNameAvailability", + "Microsoft.PowerBI/privateLinkServicesForPowerBI", + "Microsoft.PowerBI/privateLinkServicesForPowerBI/operationResults", + "Microsoft.PowerBI/operations", + "Microsoft.PowerPlatform/operations", + "Microsoft.PowerPlatform/enterprisePolicies", + "Microsoft.PowerPlatform/accounts", + "Microsoft.PowerPlatform/locations", + "Microsoft.PowerPlatform/locations/deleteVirtualNetworkOrSubnets", + "Microsoft.PowerPlatform/locations/validateDeleteVirtualNetworkOrSubnets", + "Microsoft.ProfessionalService/checkNameAvailability", + "Microsoft.ProfessionalService/eligibilityCheck", + "Microsoft.ProfessionalService/operationResults", + "Microsoft.ProfessionalService/operations", + "Microsoft.ProfessionalService/resources", + "Microsoft.ProgrammableConnectivity/operations", + "Microsoft.ProgrammableConnectivity/locations", + "Microsoft.ProgrammableConnectivity/locations/operationStatuses", + "Microsoft.ProgrammableConnectivity/gateways", + "Microsoft.ProgrammableConnectivity/openApiGateways", + "Microsoft.ProgrammableConnectivity/openApiGatewayOfferings", + 
"Microsoft.ProgrammableConnectivity/OperatorOfferings", + "Microsoft.ProgrammableConnectivity/OperatorConnections", + "Microsoft.ProgrammableConnectivity/operatorApiPlans", + "Microsoft.ProgrammableConnectivity/operatorApiConnections", + "Microsoft.ProviderHub/providerRegistrations", + "Microsoft.ProviderHub/operationStatuses", + "Microsoft.ProviderHub/providerRegistrations/resourceTypeRegistrations", + "Microsoft.ProviderHub/providerRegistrations/defaultRollouts", + "Microsoft.ProviderHub/providerRegistrations/customRollouts", + "Microsoft.ProviderHub/providerRegistrations/checkinmanifest", + "Microsoft.ProviderHub/providerRegistrations/resourceActions", + "Microsoft.ProviderHub/availableAccounts", + "Microsoft.ProviderHub/providerRegistrations/authorizedApplications", + "Microsoft.Purview/accounts", + "Microsoft.Purview/accounts/kafkaConfigurations", + "Microsoft.Purview/operations", + "Microsoft.Purview/setDefaultAccount", + "Microsoft.Purview/removeDefaultAccount", + "Microsoft.Purview/getDefaultAccount", + "Microsoft.Purview/checkNameAvailability", + "Microsoft.Purview/locations", + "Microsoft.Purview/locations/operationResults", + "Microsoft.Purview/locations/listFeatures", + "Microsoft.Purview/locations/usages", + "Microsoft.Purview/policies", + "Microsoft.Quantum/Workspaces", + "Microsoft.Quantum/Operations", + "Microsoft.Quantum/Locations", + "Microsoft.Quantum/Locations/OperationStatuses", + "Microsoft.Quantum/locations/offerings", + "Microsoft.Quantum/Locations/CheckNameAvailability", + "Microsoft.Quota/usages", + "Microsoft.Quota/quotas", + "Microsoft.Quota/quotaRequests", + "Microsoft.Quota/operationsStatus", + "Microsoft.Quota/operations", + "Microsoft.Quota/groupQuotas", + "Microsoft.Quota/groupQuotas/groupQuotaLimits", + "Microsoft.Quota/groupQuotas/subscriptions", + "Microsoft.Quota/groupQuotas/groupQuotaRequests", + "Microsoft.Quota/groupQuotas/quotaAllocations", + "Microsoft.Quota/groupQuotas/quotaAllocationRequests", + 
"Microsoft.Quota/groupQuotas/groupQuotaOperationsStatus", + "Microsoft.Quota/groupQuotas/subscriptionRequests", + "Microsoft.Quota/groupQuotas/quotaAllocationOperationsStatus", + "Microsoft.RecommendationsService/locations", + "Microsoft.RecommendationsService/locations/operationStatuses", + "Microsoft.RecommendationsService/accounts", + "Microsoft.RecommendationsService/accounts/modeling", + "Microsoft.RecommendationsService/accounts/serviceEndpoints", + "Microsoft.RecommendationsService/operations", + "Microsoft.RecommendationsService/checkNameAvailability", + "Microsoft.RedHatOpenShift/locations", + "Microsoft.RedHatOpenShift/locations/operationresults", + "Microsoft.RedHatOpenShift/locations/operationsstatus", + "Microsoft.RedHatOpenShift/OpenShiftClusters", + "Microsoft.RedHatOpenShift/operations", + "Microsoft.RedHatOpenShift/locations/openshiftversions", + "Microsoft.ResourceConnector/locations", + "Microsoft.ResourceConnector/appliances", + "Microsoft.ResourceConnector/locations/operationsstatus", + "Microsoft.ResourceConnector/locations/operationresults", + "Microsoft.ResourceConnector/operations", + "Microsoft.ResourceConnector/telemetryconfig", + "Microsoft.ResourceGraph/resources", + "Microsoft.ResourceGraph/resourcesHistory", + "Microsoft.ResourceGraph/resourceChanges", + "Microsoft.ResourceGraph/resourceChangeDetails", + "Microsoft.ResourceGraph/operations", + "Microsoft.ResourceGraph/subscriptionsStatus", + "Microsoft.ResourceGraph/queries", + "Microsoft.ResourceGraph/generateQuery", + "Microsoft.ResourceNotifications/eventGridFilters", + "Microsoft.ResourceNotifications/operations", + "Microsoft.Resources/deploymentScripts", + "Microsoft.Resources/deploymentScripts/logs", + "Microsoft.Resources/locations/deploymentScriptOperationResults", + "Microsoft.Resources/templateSpecs", + "Microsoft.Resources/templateSpecs/versions", + "Microsoft.Resources/builtInTemplateSpecs", + "Microsoft.Resources/builtInTemplateSpecs/versions", + 
"Microsoft.Resources/deploymentStacks", + "Microsoft.Resources/locations/deploymentStackOperationStatus", + "Microsoft.Resources/mobobrokers", + "Microsoft.Resources/tenants", + "Microsoft.Resources/locations", + "Microsoft.Resources/operationresults", + "Microsoft.Resources/notifyResourceJobs", + "Microsoft.Resources/tags", + "Microsoft.Resources/checkPolicyCompliance", + "Microsoft.Resources/providers", + "Microsoft.Resources/checkresourcename", + "Microsoft.Resources/calculateTemplateHash", + "Microsoft.Resources/resources", + "Microsoft.Resources/subscriptions", + "Microsoft.Resources/subscriptions/resources", + "Microsoft.Resources/subscriptions/providers", + "Microsoft.Resources/subscriptions/operationresults", + "Microsoft.Resources/resourceGroups", + "Microsoft.Resources/subscriptions/resourceGroups", + "Microsoft.Resources/subscriptions/resourcegroups/resources", + "Microsoft.Resources/subscriptions/locations", + "Microsoft.Resources/subscriptions/tagnames", + "Microsoft.Resources/subscriptions/tagNames/tagValues", + "Microsoft.Resources/deployments", + "Microsoft.Resources/deployments/operations", + "Microsoft.Resources/validateResources", + "Microsoft.Resources/links", + "Microsoft.Resources/operations", + "Microsoft.Resources/bulkDelete", + "Microsoft.Resources/changes", + "Microsoft.Resources/snapshots", + "Microsoft.Resources/dataBoundaries", + "Microsoft.Resources/deploymentStacks/snapshots", + "Microsoft.Resources/checkZonePeers", + "Microsoft.SaaS/applications", + "Microsoft.SaaS/checknameavailability", + "Microsoft.SaaS/saasresources", + "Microsoft.SaaS/operationResults", + "Microsoft.SaaS/operations", + "Microsoft.SaaS/resources", + "Microsoft.SaaSHub/operationStatuses", + "Microsoft.SaaSHub/cloudServices", + "Microsoft.SaaSHub/operations", + "Microsoft.SaaSHub/registeredSubscriptions", + "Microsoft.SaaSHub/checkNameAvailability", + "Microsoft.SaaSHub/canCreate", + "Microsoft.SaaSHub/locations", + "Microsoft.SaaSHub/locations/operationStatuses", 
+ "Microsoft.Scom/locations/operationStatuses", + "Microsoft.Scom/operations", + "Microsoft.Scom/locations", + "Microsoft.Scom/managedInstances", + "Microsoft.Scom/managedInstances/monitoredResources", + "Microsoft.Scom/managedInstances/managedGateways", + "Microsoft.ScVmm/locations", + "Microsoft.ScVmm/Locations/OperationStatuses", + "Microsoft.ScVmm/operations", + "Microsoft.ScVmm/VMMServers", + "Microsoft.ScVmm/Clouds", + "Microsoft.ScVmm/VirtualNetworks", + "Microsoft.ScVmm/VirtualMachineTemplates", + "Microsoft.ScVmm/VirtualMachines", + "Microsoft.ScVmm/AvailabilitySets", + "Microsoft.ScVmm/VMMServers/InventoryItems", + "Microsoft.ScVmm/VirtualMachines/HybridIdentityMetadata", + "Microsoft.ScVmm/VirtualMachines/GuestAgents", + "Microsoft.ScVmm/VirtualMachines/Extensions", + "Microsoft.ScVmm/VirtualMachineInstances", + "Microsoft.SecurityDetonation/chambers", + "Microsoft.SecurityDetonation/operations", + "Microsoft.SecurityDetonation/operationResults", + "Microsoft.SecurityDetonation/checkNameAvailability", + "Microsoft.SecurityDevOps/Locations", + "Microsoft.SecurityDevOps/Locations/OperationStatuses", + "Microsoft.SecurityDevOps/gitHubConnectors", + "Microsoft.SecurityDevOps/azureDevOpsConnectors", + "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs", + "Microsoft.SecurityDevOps/gitHubConnectors/owners", + "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects", + "Microsoft.SecurityDevOps/gitHubConnectors/owners/repos", + "Microsoft.SecurityDevOps/azureDevOpsConnectors/orgs/projects/repos", + "Microsoft.SecurityDevOps/Operations", + "Microsoft.SecurityDevOps/gitHubConnectors/stats", + "Microsoft.SecurityDevOps/gitHubConnectors/repos", + "Microsoft.SecurityDevOps/azureDevOpsConnectors/stats", + "Microsoft.SecurityDevOps/azureDevOpsConnectors/repos", + "Microsoft.SecurityDevOps/gitLabConnectors", + "Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations", + "Microsoft.SecurityDevOps/gitHubConnectors/gitHubInstallations/gitHubRepositories", + 
"Microsoft.SecurityDevOps/gitLabConnectors/groups", + "Microsoft.SecurityDevOps/gitLabConnectors/projects", + "Microsoft.SecurityDevOps/gitLabConnectors/stats", + "Microsoft.SecurityDevOps/gitLabConnectors/groups/projects", + "Microsoft.SerialConsole/consoleServices", + "Microsoft.SerialConsole/serialPorts", + "Microsoft.SerialConsole/locations", + "Microsoft.SerialConsole/locations/consoleServices", + "Microsoft.SerialConsole/operations", + "Microsoft.ServiceNetworking/trafficControllers", + "Microsoft.ServiceNetworking/trafficControllers/frontends", + "Microsoft.ServiceNetworking/trafficControllers/associations", + "Microsoft.ServiceNetworking/operations", + "Microsoft.ServiceNetworking/locations", + "Microsoft.ServiceNetworking/locations/operations", + "Microsoft.ServiceNetworking/locations/operationResults", + "Microsoft.ServicesHub/connectors", + "Microsoft.ServicesHub/workspaces", + "Microsoft.ServicesHub/supportOfferingEntitlement", + "Microsoft.ServicesHub/operations", + "Microsoft.ServicesHub/getRecommendationsContent", + "Microsoft.ServicesHub/connectors/connectorSpaces", + "Microsoft.SignalRService/SignalR", + "Microsoft.SignalRService/WebPubSub", + "Microsoft.SignalRService/SignalR/replicas", + "Microsoft.SignalRService/WebPubSub/replicas", + "Microsoft.SignalRService/locations", + "Microsoft.SignalRService/locations/operationResults", + "Microsoft.SignalRService/locations/operationStatuses", + "Microsoft.SignalRService/operations", + "Microsoft.SignalRService/locations/checkNameAvailability", + "Microsoft.SignalRService/locations/usages", + "Microsoft.SignalRService/SignalR/eventGridFilters", + "Microsoft.Singularity/accounts", + "Microsoft.Singularity/accounts/storageContainers", + "Microsoft.Singularity/accounts/networks", + "Microsoft.Singularity/accounts/secrets", + "Microsoft.Singularity/accounts/accountQuotaPolicies", + "Microsoft.Singularity/accounts/groupPolicies", + "Microsoft.Singularity/accounts/jobs", + 
"Microsoft.Singularity/accounts/models", + "Microsoft.Singularity/locations", + "Microsoft.Singularity/locations/instanceTypeSeries", + "Microsoft.Singularity/locations/instanceTypeSeries/instanceTypes", + "Microsoft.Singularity/locations/operationResults", + "Microsoft.Singularity/locations/operationStatus", + "Microsoft.Singularity/operations", + "Microsoft.Singularity/images", + "Microsoft.Singularity/quotas", + "Microsoft.SoftwarePlan/hybridUseBenefits", + "Microsoft.SoftwarePlan/operations", + "Microsoft.Solutions/applications", + "Microsoft.Solutions/applicationDefinitions", + "Microsoft.Solutions/locations", + "Microsoft.Solutions/jitRequests", + "Microsoft.Solutions/locations/operationstatuses", + "Microsoft.Solutions/Operations", + "Microsoft.Sovereign/Locations", + "Microsoft.Sovereign/Locations/OperationStatuses", + "Microsoft.Sovereign/landingZoneConfigurations", + "Microsoft.Sovereign/landingZoneRegistrations", + "Microsoft.Sovereign/Operations", + "Microsoft.Sovereign/checkNameAvailability", + "Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups", + "Microsoft.SqlVirtualMachine/SqlVirtualMachines", + "Microsoft.SqlVirtualMachine/SqlVirtualMachineGroups/AvailabilityGroupListeners", + "Microsoft.SqlVirtualMachine/operations", + "Microsoft.SqlVirtualMachine/Locations", + "Microsoft.SqlVirtualMachine/Locations/OperationTypes", + "Microsoft.SqlVirtualMachine/Locations/sqlVirtualMachineOperationResults", + "Microsoft.SqlVirtualMachine/Locations/sqlVirtualMachineGroupOperationResults", + "Microsoft.SqlVirtualMachine/Locations/availabilityGroupListenerOperationResults", + "Microsoft.SqlVirtualMachine/Locations/registerSqlVmCandidate", + "Microsoft.StandbyPool/Locations", + "Microsoft.StandbyPool/Locations/OperationStatuses", + "Microsoft.StandbyPool/Operations", + "Microsoft.StorageActions/storageTasks", + "Microsoft.StorageActions/operations", + "Microsoft.StorageActions/locations/asyncoperations", + "Microsoft.StorageActions/locations/previewActions", + 
"Microsoft.StorageActions/locations", + "Microsoft.StorageCache/caches", + "Microsoft.StorageCache/caches/storageTargets", + "Microsoft.StorageCache/amlFilesystems", + "Microsoft.StorageCache/operations", + "Microsoft.StorageCache/usageModels", + "Microsoft.StorageCache/checkAmlFSSubnets", + "Microsoft.StorageCache/getRequiredAmlFSSubnetsSize", + "Microsoft.StorageCache/locations", + "Microsoft.StorageCache/locations/ascoperations", + "Microsoft.StorageCache/locations/usages", + "Microsoft.StorageMover/storageMovers", + "Microsoft.StorageMover/storageMovers/projects", + "Microsoft.StorageMover/storageMovers/agents", + "Microsoft.StorageMover/storageMovers/endpoints", + "Microsoft.StorageMover/storageMovers/projects/jobDefinitions", + "Microsoft.StorageMover/operations", + "Microsoft.StorageMover/storageMovers/projects/jobDefinitions/jobRuns", + "Microsoft.StorageMover/locations", + "Microsoft.StorageMover/locations/operationStatuses", + "Microsoft.StorageSync/storageSyncServices", + "Microsoft.StorageSync/storageSyncServices/syncGroups", + "Microsoft.StorageSync/storageSyncServices/syncGroups/cloudEndpoints", + "Microsoft.StorageSync/storageSyncServices/syncGroups/serverEndpoints", + "Microsoft.StorageSync/storageSyncServices/registeredServers", + "Microsoft.StorageSync/storageSyncServices/workflows", + "Microsoft.StorageSync/operations", + "Microsoft.StorageSync/locations", + "Microsoft.StorageSync/locations/checkNameAvailability", + "Microsoft.StorageSync/locations/workflows", + "Microsoft.StorageSync/locations/operations", + "Microsoft.StorageSync/locations/operationResults", + "Microsoft.StorageTasks/locations", + "Microsoft.Subscription/SubscriptionDefinitions", + "Microsoft.Subscription/SubscriptionOperations", + "Microsoft.Subscription/CreateSubscription", + "Microsoft.Subscription/operations", + "Microsoft.Subscription/cancel", + "Microsoft.Subscription/validateCancel", + "Microsoft.Subscription/rename", + "Microsoft.Subscription/enable", + 
"Microsoft.Subscription/subscriptions", + "Microsoft.Subscription/aliases", + "Microsoft.Subscription/operationResults", + "Microsoft.Subscription/acceptChangeTenant", + "Microsoft.Subscription/changeTenantStatus", + "Microsoft.Subscription/changeTenantRequest", + "Microsoft.Subscription/policies", + "Microsoft.Subscription/acceptOwnership", + "Microsoft.Subscription/acceptOwnershipStatus", + // Not supported in Mooncake + /* + "microsoft.support/operations", + "microsoft.support/checkNameAvailability", + "microsoft.support/classifyServices", + "microsoft.support/services", + "microsoft.support/services/problemclassifications", + "microsoft.support/supporttickets", + "microsoft.support/supporttickets/communications", + "microsoft.support/operationresults", + "microsoft.support/operationsstatus", + "microsoft.support/lookUpResourceId", + "microsoft.support/fileWorkspaces", + "microsoft.support/fileWorkspaces/files", + */ + "Microsoft.Synapse/workspaces", + "Microsoft.Synapse/workspaces/bigDataPools", + "Microsoft.Synapse/workspaces/sqlPools", + "Microsoft.Synapse/workspaces/sqlDatabases", + "Microsoft.Synapse/locations/sqlDatabaseAzureAsyncOperation", + "Microsoft.Synapse/locations/sqlDatabaseOperationResults", + "Microsoft.Synapse/workspaces/kustoPools", + "Microsoft.Synapse/locations/kustoPoolOperationResults", + "Microsoft.Synapse/locations/kustoPoolCheckNameAvailability", + "Microsoft.Synapse/workspaces/kustoPools/databases", + "Microsoft.Synapse/workspaces/kustoPools/attacheddatabaseconfigurations", + "Microsoft.Synapse/workspaces/kustoPools/databases/dataconnections", + "Microsoft.Synapse/locations/sqlPoolAzureAsyncOperation", + "Microsoft.Synapse/locations/sqlPoolOperationResults", + "Microsoft.Synapse/workspaces/operationStatuses", + "Microsoft.Synapse/workspaces/operationResults", + "Microsoft.Synapse/checkNameAvailability", + "Microsoft.Synapse/operations", + "Microsoft.Synapse/kustoOperations", + "Microsoft.Synapse/privateLinkHubs", + 
"Microsoft.Synapse/locations", + "Microsoft.Synapse/locations/operationResults", + "Microsoft.Synapse/locations/operationStatuses", + "Microsoft.Synapse/locations/usages", + "Microsoft.Synapse/workspaces/usages", + "Microsoft.Syntex/documentProcessors", + "Microsoft.Syntex/operations", + "Microsoft.Syntex/accounts", + "Microsoft.Syntex/Locations", + "Microsoft.Syntex/Locations/OperationStatuses", + "Microsoft.TestBase/locations", + "Microsoft.TestBase/locations/operationstatuses", + "Microsoft.TestBase/skus", + "Microsoft.TestBase/operations", + "Microsoft.TestBase/testBaseAccounts", + "Microsoft.TestBase/testBaseAccounts/usages", + "Microsoft.TestBase/testBaseAccounts/availableOSs", + "Microsoft.TestBase/testBaseAccounts/testTypes", + "Microsoft.TestBase/testBaseAccounts/flightingRings", + "Microsoft.TestBase/testBaseAccounts/packages", + "Microsoft.TestBase/testBaseAccounts/packages/osUpdates", + "Microsoft.TestBase/testBaseAccounts/testSummaries", + "Microsoft.TestBase/testBaseAccounts/packages/favoriteProcesses", + "Microsoft.TestBase/testBaseAccounts/packages/testResults", + "Microsoft.TestBase/testBaseAccounts/packages/testResults/analysisResults", + "Microsoft.TestBase/testBaseAccounts/emailEvents", + "Microsoft.TestBase/testBaseAccounts/customerEvents", + "Microsoft.TestBase/testBaseAccounts/featureUpdateSupportedOses", + "Microsoft.TestBase/testBaseAccounts/availableInplaceUpgradeOSs", + "Microsoft.TestBase/testBaseAccounts/firstPartyApps", + "Microsoft.TestBase/testBaseAccounts/draftPackages", + "Microsoft.TestBase/testBaseAccounts/actionRequests", + "Microsoft.TestBase/testBaseAccounts/testConfigurations", + "Microsoft.TestBase/testBaseAccounts/availableVMConfigurationTypes", + "Microsoft.TestBase/testBaseAccounts/customImages", + "Microsoft.TestBase/testBaseAccounts/vhds", + "Microsoft.TestBase/testBaseAccounts/imageDefinitions", + "Microsoft.TestBase/testBaseAccounts/galleryApps", + "Microsoft.TestBase/testBaseAccounts/galleryApps/galleryAppSkus", + 
"Microsoft.TestBase/testBaseAccounts/chatSessions", + "Microsoft.TestBase/testBaseAccounts/freeHourBalances", + "Microsoft.TestBase/testBaseAccounts/credentials", + "Microsoft.TestBase/testBaseAccounts/testConfigurations/testResults", + "Microsoft.UsageBilling/operations", + "Microsoft.VideoIndexer/operations", + "Microsoft.VideoIndexer/locations", + "Microsoft.VideoIndexer/locations/operationstatuses", + "Microsoft.VideoIndexer/accounts", + "Microsoft.VideoIndexer/checknameavailability", + "Microsoft.VideoIndexer/locations/userclassicaccounts", + "Microsoft.VideoIndexer/locations/classicaccounts", + "Microsoft.VirtualMachineImages/imageTemplates", + "Microsoft.VirtualMachineImages/imageTemplates/runOutputs", + "Microsoft.VirtualMachineImages/imageTemplates/triggers", + "Microsoft.VirtualMachineImages/locations", + "Microsoft.VirtualMachineImages/locations/operations", + "Microsoft.VirtualMachineImages/operations", + "microsoft.visualstudio/account", + "microsoft.visualstudio/operations", + "microsoft.visualstudio/account/extension", + "microsoft.visualstudio/checkNameAvailability", + "Microsoft.VMware/Locations", + "Microsoft.VMware/Locations/OperationStatuses", + "Microsoft.VMware/Operations", + "Microsoft.VMware/VCenters/InventoryItems", + "Microsoft.VoiceServices/Operations", + "Microsoft.VoiceServices/locations", + "Microsoft.VoiceServices/locations/checkNameAvailability", + "Microsoft.VoiceServices/registeredSubscriptions", + "Microsoft.VSOnline/accounts", + "Microsoft.VSOnline/plans", + "Microsoft.VSOnline/operations", + "Microsoft.VSOnline/registeredSubscriptions", + "Microsoft.WindowsIoT/DeviceServices", + "Microsoft.WindowsIoT/operations", + "Microsoft.WindowsPushNotificationServices/checkNameAvailability", + "Microsoft.WorkloadBuilder/Locations", + "Microsoft.WorkloadBuilder/Locations/OperationStatuses", + "Microsoft.WorkloadBuilder/Operations", + "Microsoft.Workloads/Locations", + "Microsoft.Workloads/Locations/OperationStatuses", + 
"Microsoft.Workloads/sapVirtualInstances", + "Microsoft.Workloads/sapVirtualInstances/applicationInstances", + "Microsoft.Workloads/sapVirtualInstances/centralInstances", + "Microsoft.Workloads/sapVirtualInstances/databaseInstances", + "Microsoft.Workloads/Operations", + "Microsoft.Workloads/monitors", + "Microsoft.Workloads/monitors/providerInstances", + "Microsoft.Workloads/Locations/sapVirtualInstanceMetadata", + "Microsoft.Workloads/connectors", + "Microsoft.Workloads/connectors/acssBackups", + "Microsoft.Workloads/monitors/sapLandscapeMonitor", + "NewRelic.Observability/operations", + "NewRelic.Observability/registeredSubscriptions", + "NewRelic.Observability/locations", + "NewRelic.Observability/locations/operationStatuses", + "NewRelic.Observability/monitors", + "NewRelic.Observability/monitors/tagRules", + "NewRelic.Observability/checkNameAvailability", + "NewRelic.Observability/accounts", + "NewRelic.Observability/plans", + "NewRelic.Observability/organizations", + "NewRelic.Observability/monitors/monitoredSubscriptions", + "NGINX.NGINXPLUS/operations", + "NGINX.NGINXPLUS/locations", + "NGINX.NGINXPLUS/locations/operationStatuses", + "NGINX.NGINXPLUS/nginxDeployments/configurations", + "NGINX.NGINXPLUS/nginxDeployments", + "NGINX.NGINXPLUS/nginxDeployments/certificates", + "Oracle.Database/Locations", + "Oracle.Database/Locations/OperationStatuses", + "Oracle.Database/Operations", + "PaloAltoNetworks.Cloudngfw/operations", + "PaloAltoNetworks.Cloudngfw/locations", + "PaloAltoNetworks.Cloudngfw/registeredSubscriptions", + "PaloAltoNetworks.Cloudngfw/checkNameAvailability", + "PaloAltoNetworks.Cloudngfw/Locations/operationStatuses", + "PaloAltoNetworks.Cloudngfw/firewalls", + "PaloAltoNetworks.Cloudngfw/localRulestacks", + "PaloAltoNetworks.Cloudngfw/globalRulestacks", + "PaloAltoNetworks.Cloudngfw/localRulestacks/localRules", + "PaloAltoNetworks.Cloudngfw/localRulestacks/fqdnlists", + "PaloAltoNetworks.Cloudngfw/globalRulestacks/fqdnlists", + 
"PaloAltoNetworks.Cloudngfw/globalRulestacks/preRules", + "PaloAltoNetworks.Cloudngfw/globalRulestacks/postRules", + "PaloAltoNetworks.Cloudngfw/globalRulestacks/prefixlists", + "PaloAltoNetworks.Cloudngfw/localRulestacks/prefixlists", + "PaloAltoNetworks.Cloudngfw/globalRulestacks/certificates", + "PaloAltoNetworks.Cloudngfw/localRulestacks/certificates", + "PaloAltoNetworks.Cloudngfw/firewalls/statuses", + "PureStorage.Block/operations", + "PureStorage.Block/locations", + "PureStorage.Block/checkNameAvailability", + "PureStorage.Block/locations/operationStatuses", + "Qumulo.Storage/registeredSubscriptions", + "Qumulo.Storage/locations", + "Qumulo.Storage/locations/operationStatuses", + "Qumulo.Storage/checkNameAvailability", + "Qumulo.Storage/operations", + "Qumulo.Storage/fileSystems", + "SolarWinds.Observability/operations", + "SolarWinds.Observability/registeredSubscriptions", + "SolarWinds.Observability/locations", + "SolarWinds.Observability/locations/operationStatuses", + "SolarWinds.Observability/checkNameAvailability", + "SplitIO.Experimentation/operations", + "SplitIO.Experimentation/locations", + "SplitIO.Experimentation/locations/operationStatuses", + "SplitIO.Experimentation/checkNameAvailability", + "Wandisco.Fusion/Locations", + "Wandisco.Fusion/Locations/operationStatuses", + "Wandisco.Fusion/registeredSubscriptions", + "Wandisco.Fusion/Operations", + "Wandisco.Fusion/migrators", + "Wandisco.Fusion/migrators/targets", + "Wandisco.Fusion/migrators/liveDataMigrations", + "Wandisco.Fusion/migrators/exclusionTemplates", + "Wandisco.Fusion/migrators/metadataMigrations", + "Wandisco.Fusion/migrators/metadataTargets", + "Wandisco.Fusion/migrators/pathMappings", + "Wandisco.Fusion/migrators/dataTransferAgents", + "Wandisco.Fusion/migrators/verifications" + ] + + }, + "resources": [ + { + "condition": "[not(contains(variables('knownPolicyInitativeDefinitionIdsThatRequireParamaeters'), parameters('policySetDefinitionId')))]", + "type": 
"Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]" + } + }, + { + // [Preview]: Australian Government ISM PROTECTED + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/27272c0b-c225-4cc3-b8b0-f2534b093077')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "membersToExclude": { + "value": "[parameters('regCompPolParAusGovIsmRestrictedVmAdminsExclude')]" + }, + "logAnalyticsWorkspaceId": { + "value": "[parameters('logAnalyticsWorkspaceId')]" + }, + "listOfResourceTypes": { + "value": "[if(equals(parameters('regCompPolParAusGovIsmRestrictedResourceTypes'), 'all'), variables('allResourceTypes'), createArray())]" + } + } + } + }, + { + // [Preview]: Motion Picture Association of America (MPAA) + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/92646f03-e39d-47a9-9e24-58d60ef49af8')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": 
"[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "certificateThumbprints": { + "value": "[parameters('regCompPolParMPAACertificateThumb')]" + }, + "applicationName": { + "value": "[parameters('regCompPolParMPAAApplicationName')]" + }, + "storagePrefix": { + "value": "[parameters('regCompPolParMPAAStoragePrefix')]" + }, + "rgName": { + "value": "[parameters('regCompPolParMPAAResGroupPrefix')]" + }, + "metricName": { + "value": "[parameters('regCompPolParMPAARBatchMetricName')]" + } + } + } + }, + { + // [Preview]: Sovereignty Baseline - Confidential Policies + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03de05a4-c324-4ccd-882f-a814ea8ab9ea')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "listOfAllowedLocations": { + "value": "[parameters('regCompPolParSovBaseConfRegions')]" + } + } + } + }, + { + // [Preview]: Sovereignty Baseline - Global Policies + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/c1cbff38-87c0-4b9f-9f70-035c7a3b5523')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": 
"[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "listOfAllowedLocations": { + "value": "[parameters('regCompPolParSovBaseGlobalRegions')]" + } + } + } + }, + { + // [Preview]: SWIFT CSP-CSCF v2020 + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/3e0c67fc-8c7c-406c-89bd-6b6bdc986a22')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "workspaceIDsLogAnalyticsAgentShouldConnectTo": { + "value": "[parameters('logAnalyticsWorkspaceId')]" + }, + "listOfMembersToIncludeInWindowsVMAdministratorsGroup": { + "value": "[parameters('regCompPolParSwift2020VmAdminsInclude')]" + }, + "domainNameFQDN": { + "value": "[parameters('regCompPolParSwift2020DomainFqdn')]" + } + } + } + }, + { + // Canada Federal PBMM + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/4c4a5f27-de81-430b-b4e5-9cbd50595a87')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + 
}, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "logAnalyticsWorkspaceIdforVMReporting": { + "value": "[parameters('logAnalyticsWorkspaceId')]" + }, + "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": { + "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsExclude')]" + }, + "listOfMembersToIncludeInWindowsVMAdministratorsGroup": { + "value": "[parameters('regCompPolParCanadaFedPbmmVmAdminsInclude')]" + } + } + } + }, + { + // CIS Microsoft Azure Foundations Benchmark v2.0.0 + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/06f19060-9e68-4070-92ca-f15cc126059e')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "maximumDaysToRotate-d8cf8476-a2ec-4916-896e-992351803c44": { + "value": "[parameters('regCompPolParCisV2KeyVaultKeysRotateDays')]" + } + } + } + }, + { + // CMMC Level 3 + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/b5629c75-5c77-4422-87b9-2509e680f8de')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + 
"description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "logAnalyticsWorkspaceId-f47b5582-33ec-4c5c-87c0-b010a6b2e917": { + "value": "[parameters('logAnalyticsWorkspaceId')]" + }, + "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { + "value": "[parameters('regCompPolParCmmcL3VmAdminsInclude')]" + }, + "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": { + "value": "[parameters('regCompPolParCmmcL3VmAdminsExclude')]" + } + } + } + }, + { + // HITRUST/HIPAA + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/a169a624-5599-4385-a696-c8d643089fab')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "CertificateThumbprints": { + "value": "[parameters('regCompPolParHitrustHipaaCertificateThumb')]" + }, + "installedApplicationsOnWindowsVM": { + "value": "[parameters('regCompPolParHitrustHipaaApplicationName')]" + }, + "DeployDiagnosticSettingsforNetworkSecurityGroupsstoragePrefix": { + "value": "[parameters('regCompPolParHitrustHipaaStoragePrefix')]" + }, + "DeployDiagnosticSettingsforNetworkSecurityGroupsrgName": { + "value": "[parameters('regCompPolParHitrustHipaaResGroupPrefix')]" + } + } + } + }, + { + // IRS1075 September 2016 + "condition": "[equals(parameters('policySetDefinitionId'), 
'/providers/Microsoft.Authorization/policySetDefinitions/105e0327-6175-4eb2-9af4-1fba43bdb39d')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "logAnalyticsWorkspaceIdforVMReporting": { + "value": "[parameters('logAnalyticsWorkspaceId')]" + }, + "listOfMembersToExcludeFromWindowsVMAdministratorsGroup": { + "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsExclude')]" + }, + "listOfMembersToIncludeInWindowsVMAdministratorsGroup": { + "value": "[parameters('regCompPolParIrs1075Sep2016VmAdminsInclude')]" + } + } + } + }, + { + // New Zealand ISM Restricted + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/d1a462af-7e6d-4901-98ac-61570b4ed22a')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "MembersToInclude-30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7": { + "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsInclude')]" + }, + "MembersToExclude-69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f": { + "value": "[parameters('regCompPolParNZIsmRestrictedVmAdminsExclude')]" + } + } + 
} + }, + { + // NIST SP 800-171 Rev. 2 + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/03055927-78bd-4236-86c0-f36125a10dc9')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "logAnalyticsWorkspaceIDForVMAgents": { + "value": "[parameters('logAnalyticsWorkspaceId')]" + }, + "membersToExcludeInLocalAdministratorsGroup": { + "value": "[parameters('regCompPolParNistSp800171R2VmAdminsExclude')]" + }, + "membersToIncludeInLocalAdministratorsGroup": { + "value": "[parameters('regCompPolParNistSp800171R2VmAdminsInclude')]" + } + } + } + }, + { + // SOC 2 Type 2 + "condition": "[equals(parameters('policySetDefinitionId'), '/providers/Microsoft.Authorization/policySetDefinitions/4054785f-702b-4a98-9215-009cbd58b141')]", + "type": "Microsoft.Authorization/policyAssignments", + "apiVersion": "2022-06-01", + "name": "[parameters('policyAssignmentName')]", + "location": "[deployment().location]", + "identity": { + "type": "SystemAssigned" + }, + "properties": { + "description": "[parameters('policySetDefinitionDescription')]", + "displayName": "[parameters('policySetDefinitionDisplayName')]", + "policyDefinitionId": "[parameters('policySetDefinitionId')]", + "enforcementMode": "[parameters('enforcementMode')]", + "parameters": { + "allowedContainerImagesRegex-febd0533-8e55-448f-b837-bd0e06f16469": { + "value": "[parameters('regCompPolParSoc2Type2AllowedRegistries')]" + }, + "cpuLimit-e345eecc-fa47-480f-9e88-67dcc122b164": { + "value": 
"[parameters('regCompPolParSoc2Type2MaxCpuUnits')]" + }, + "memoryLimit-e345eecc-fa47-480f-9e88-67dcc122b164": { + "value": "[parameters('regCompPolParSoc2Type2MaxMemoryBytes')]" + } + } + } + }, + { + "type": "Microsoft.Authorization/roleAssignments", + "apiVersion": "2019-04-01-preview", + "name": "[variables('roleAssignmentNames').deployRoles]", + "dependsOn": [ + "[parameters('policyAssignmentName')]" + ], + "properties": { + "principalType": "ServicePrincipal", + "roleDefinitionId": "[concat('/providers/Microsoft.Authorization/roleDefinitions/', variables('rbacContributor'))]", + "principalId": "[toLower(reference(concat('/providers/Microsoft.Authorization/policyAssignments/', parameters('policyAssignmentName')), '2019-09-01', 'Full' ).identity.principalId)]" + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json b/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json new file mode 100644 index 0000000000..0811bbdaf3 --- /dev/null +++ b/eslzArm/subscriptionTemplates/mcmdfcConfiguration.json 
@@ -0,0 +1,683 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "enableAscForServers": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForCosmosDbs": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForSql": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForSqlOnVm": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForArm": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForOssDb": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForAppServices": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForKeyVault": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForStorage": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForContainers": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForApis": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "enableAscForCspm": {
+ "type": "String",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ],
+ "defaultValue": "DeployIfNotExists",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ }
+ },
+ "resourceGroupLocation": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Resource group location",
+ "description": "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured.",
+ "strongType": "location"
+ }
+ },
+ "resourceGroupName": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Resource group name",
+ "description": "The name of the resource group hosting the Log Analytics workspace."
+ }
+ },
+ "logAnalyticsResourceId": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Log Analytics workspace",
+ "description": "The Log Analytics workspace of where the data should be exported to.",
+ "strongType": "Microsoft.OperationalInsights/workspaces",
+ "assignPermissions": true
+ }
+ },
+ "emailContactAsc": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Resource group name",
+ "description": "The resource group name where the export to Log Analytics workspace configuration is created. If you enter a name for a resource group that doesn't exist, it'll be created in the subscription. Note that each resource group can only have one export to Log Analytics workspace configured."
+ }
+ },
+ "exportedDataTypes": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Exported data types",
+ "description": "The data types to be exported. To export a snapshot (preview) of the data once a week, choose the data types which contains 'snapshot', other data types will be sent in real-time streaming."
+ },
+ "allowedValues": [
+ "Security recommendations",
+ "Security alerts",
+ "Overall secure score",
+ "Secure score controls",
+ "Regulatory compliance",
+ "Overall secure score - snapshot",
+ "Secure score controls - snapshot",
+ "Regulatory compliance - snapshot",
+ "Security recommendations - snapshot",
+ "Security findings - snapshot"
+ ],
+ "defaultValue": [
+ "Security recommendations",
+ "Security alerts",
+ "Overall secure score",
+ "Secure score controls",
+ "Regulatory compliance",
+ "Overall secure score - snapshot",
+ "Secure score controls - snapshot",
+ "Regulatory compliance - snapshot",
+ "Security recommendations - snapshot",
+ "Security findings - snapshot"
+ ]
+ },
+ "recommendationNames": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Recommendation IDs",
+ "description": "Applicable only for export of security recommendations. To export all recommendations, leave this empty. To export specific recommendations, enter a list of recommendation IDs separated by semicolons (';'). Recommendation IDs are available through the Assessments API (https://docs.microsoft.com/rest/api/securitycenter/assessments), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/assessments."
+ },
+ "defaultValue": []
+ },
+ "recommendationSeverities": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Recommendation severities",
+ "description": "Applicable only for export of security recommendations. Determines recommendation severities. Example: High;Medium;Low;"
+ },
+ "allowedValues": [
+ "High",
+ "Medium",
+ "Low"
+ ],
+ "defaultValue": [
+ "High",
+ "Medium",
+ "Low"
+ ]
+ },
+ "isSecurityFindingsEnabled": {
+ "type": "bool",
+ "metadata": {
+ "displayName": "Include security findings",
+ "description": "Security findings are results from vulnerability assessment solutions, and can be thought of as 'sub' recommendations grouped into a 'parent' recommendation."
+ },
+ "allowedValues": [
+ true,
+ false
+ ],
+ "defaultValue": true
+ },
+ "secureScoreControlsNames": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Secure Score Controls IDs",
+ "description": "Applicable only for export of secure score controls. To export all secure score controls, leave this empty. To export specific secure score controls, enter a list of secure score controls IDs separated by semicolons (';'). Secure score controls IDs are available through the Secure score controls API (https://docs.microsoft.com/rest/api/securitycenter/securescorecontrols), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/securescores/securescorecontrols."
+ },
+ "defaultValue": []
+ },
+ "alertSeverities": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Alert severities",
+ "description": "Applicable only for export of security alerts. Determines alert severities. Example: High;Medium;Low;"
+ },
+ "allowedValues": [
+ "High",
+ "Medium",
+ "Low"
+ ],
+ "defaultValue": [
+ "High",
+ "Medium",
+ "Low"
+ ]
+ },
+ "regulatoryComplianceStandardsNames": {
+ "type": "Array",
+ "metadata": {
+ "displayName": "Regulatory compliance standards names",
+ "description": "Applicable only for export of regulatory compliance. To export all regulatory compliance, leave this empty. To export specific regulatory compliance standards, enter a list of these standards names separated by semicolons (';'). Regulatory compliance standards names are available through the regulatory compliance standards API (https://docs.microsoft.com/rest/api/securitycenter/regulatorycompliancestandards), or Azure Resource Graph Explorer, choose securityresources and microsoft.security/regulatorycompliancestandards."
+ },
+ "defaultValue": []
+ },
+ "guidValue": {
+ "type": "string",
+ "defaultValue": "[newGuid()]"
+ }
+ },
+ "variables": {
+ "scopeDescription": "scope for subscription {0}",
+ "subAssessmentRuleExpectedValue": "/assessments/{0}/",
+ "recommendationNamesLength": "[length(parameters('recommendationNames'))]",
+ "secureScoreControlsNamesLength": "[length(parameters('secureScoreControlsNames'))]",
+ "secureScoreControlsLengthIfEmpty": "[if(equals(variables('secureScoreControlsNamesLength'), 0), 1, variables('secureScoreControlsNamesLength'))]",
+ "regulatoryComplianceStandardsNamesLength": "[length(parameters('regulatoryComplianceStandardsNames'))]",
+ "regulatoryComplianceStandardsNamesLengthIfEmpty": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), 1, variables('regulatoryComplianceStandardsNamesLength'))]",
+ "recommendationSeveritiesLength": "[length(parameters('recommendationSeverities'))]",
+ "alertSeveritiesLength": "[length(parameters('alertSeverities'))]",
+ "recommendationNamesLengthIfEmpty": "[if(equals(variables('recommendationNamesLength'), 0), 1, variables('recommendationNamesLength'))]",
+ "recommendationSeveritiesLengthIfEmpty": "[if(equals(variables('recommendationSeveritiesLength'), 0), 1, variables('recommendationSeveritiesLength'))]",
+ "alertSeveritiesLengthIfEmpty": "[if(equals(variables('alertSeveritiesLength'), 0), 1, variables('alertSeveritiesLength'))]",
+ "totalRuleCombinationsForOneRecommendationName": "[variables('recommendationSeveritiesLengthIfEmpty')]",
+ "totalRuleCombinationsForOneRecommendationSeverity": 1,
+ "exportedDataTypesLength": "[length(parameters('exportedDataTypes'))]",
+ "exportedDataTypesLengthIfEmpty": "[if(equals(variables('exportedDataTypesLength'), 0), 1, variables('exportedDataTypesLength'))]",
+ "dataTypeMap": {
+ "Security recommendations": "Assessments",
+ "Security alerts": "Alerts",
+ "Overall secure score": "SecureScores",
+ "Secure score controls": "SecureScoreControls",
+ "Regulatory compliance": "RegulatoryComplianceAssessment",
+ "Overall secure score - snapshot": "SecureScoresSnapshot",
+ "Secure score controls - snapshot": "SecureScoreControlsSnapshot",
+ "Regulatory compliance - snapshot": "RegulatoryComplianceAssessmentSnapshot",
+ "Security recommendations - snapshot": "AssessmentsSnapshot",
+ "Security findings - snapshot": "SubAssessmentsSnapshot"
+ },
+ "alertSeverityMap": {
+ "High": "high",
+ "Medium": "medium",
+ "Low": "low"
+ },
+ "ruleSetsForAssessmentsObj": {
+ "copy": [
+ {
+ "name": "ruleSetsForAssessmentsArr",
+ "count": "[mul(variables('recommendationNamesLengthIfEmpty'),variables('recommendationSeveritiesLengthIfEmpty'))]",
+ "input": {
+ "rules": [
+ {
+ "propertyJPath": "[if(equals(variables('recommendationNamesLength'),0),'type','name')]",
+ "propertyType": "string",
+ "expectedValue": "[if(equals(variables('recommendationNamesLength'),0),'Microsoft.Security/assessments',parameters('recommendationNames')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationName')),variables('recommendationNamesLength'))])]",
+ "operator": "Contains"
+ },
+ {
+ "propertyJPath": "properties.metadata.severity",
+ "propertyType": "string",
+ "expectedValue": "[parameters('recommendationSeverities')[mod(div(copyIndex('ruleSetsForAssessmentsArr'),variables('totalRuleCombinationsForOneRecommendationSeverity')),variables('recommendationSeveritiesLength'))]]",
+ "operator": "Equals"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customRuleSetsForSubAssessmentsObj": {
+ "copy": [
+ {
+ "name": "ruleSetsForSubAssessmentsArr",
+ "count": "[variables('recommendationNamesLengthIfEmpty')]",
+ "input": {
+ "rules": [
+ {
+ "propertyJPath": "id",
+ "propertyType": "string",
+ "expectedValue": "[if(equals(variables('recommendationNamesLength'), 0), json('null'), replace(variables('subAssessmentRuleExpectedValue'),'{0}', parameters('recommendationNames')[copyIndex('ruleSetsForSubAssessmentsArr')]))]",
+ "operator": "Contains"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "ruleSetsForAlertsObj": {
+ "copy": [
+ {
+ "name": "ruleSetsForAlertsArr",
+ "count": "[variables('alertSeveritiesLengthIfEmpty')]",
+ "input": {
+ "rules": [
+ {
+ "propertyJPath": "Severity",
+ "propertyType": "string",
+ "expectedValue": "[variables('alertSeverityMap')[parameters('alertSeverities')[mod(copyIndex('ruleSetsForAlertsArr'),variables('alertSeveritiesLengthIfEmpty'))]]]",
+ "operator": "Equals"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customRuleSetsForSecureScoreControlsObj": {
+ "copy": [
+ {
+ "name": "ruleSetsForSecureScoreControlsArr",
+ "count": "[variables('secureScoreControlsLengthIfEmpty')]",
+ "input": {
+ "rules": [
+ {
+ "propertyJPath": "name",
+ "propertyType": "string",
+ "expectedValue": "[if(equals(variables('secureScoreControlsNamesLength'), 0), json('null'), parameters('secureScoreControlsNames')[copyIndex('ruleSetsForSecureScoreControlsArr')])]",
+ "operator": "Equals"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "customRuleSetsForRegulatoryComplianceObj": {
+ "copy": [
+ {
+ "name": "ruleSetsForRegulatoryCompliancArr",
+ "count": "[variables('regulatoryComplianceStandardsNamesLengthIfEmpty')]",
+ "input": {
+ "rules": [
+ {
+ "propertyJPath": "id",
+ "propertyType": "string",
+ "expectedValue": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), json('null'), parameters('regulatoryComplianceStandardsNames')[copyIndex('ruleSetsForRegulatoryCompliancArr')])]",
+ "operator": "Contains"
+ }
+ ]
+ }
+ }
+ ]
+ },
+ "ruleSetsForSecureScoreControlsObj": "[if(equals(variables('secureScoreControlsNamesLength'), 0), json('null'), variables('customRuleSetsForSecureScoreControlsObj').ruleSetsForSecureScoreControlsArr)]",
+ "ruleSetsForSecureRegulatoryComplianceObj": "[if(equals(variables('regulatoryComplianceStandardsNamesLength'), 0), json('null'), variables('customRuleSetsForRegulatoryComplianceObj').ruleSetsForRegulatoryCompliancArr)]",
+ "ruleSetsForSubAssessmentsObj": "[if(equals(variables('recommendationNamesLength'), 0), json('null'), variables('customRuleSetsForSubAssessmentsObj').ruleSetsForSubAssessmentsArr)]",
+ "subAssessmentSource": [
+ {
+ "eventSource": "SubAssessments",
+ "ruleSets": "[variables('ruleSetsForSubAssessmentsObj')]"
+ }
+ ],
+ "ruleSetsMap": {
+ "Security recommendations": "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]",
+ "Security alerts": "[variables('ruleSetsForAlertsObj').ruleSetsForAlertsArr]",
+ "Overall secure score": null,
+ "Secure score controls": "[variables('ruleSetsForSecureScoreControlsObj')]",
+ "Regulatory compliance": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
+ "Overall secure score - snapshot": null,
+ "Secure score controls - snapshot": "[variables('ruleSetsForSecureScoreControlsObj')]",
+ "Regulatory compliance - snapshot": "[variables('ruleSetsForSecureRegulatoryComplianceObj')]",
+ "Security recommendations - snapshot": "[variables('ruleSetsForAssessmentsObj').ruleSetsForAssessmentsArr]",
+ "Security findings - snapshot": "[variables('ruleSetsForSubAssessmentsObj')]"
+ },
+ "sourcesWithoutSubAssessments": {
+ "copy": [
+ {
+ "name": "sources",
+ "count": "[variables('exportedDataTypesLengthIfEmpty')]",
+ "input": {
+ "eventSource": "[variables('dataTypeMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]",
+ "ruleSets": "[variables('ruleSetsMap')[parameters('exportedDataTypes')[copyIndex('sources')]]]"
+ }
+ }
+ ]
+ },
+ "sourcesWithSubAssessments": "[concat(variables('subAssessmentSource'),variables('sourcesWithoutSubAssessments').sources)]",
+ "sources": "[if(equals(parameters('isSecurityFindingsEnabled'),bool('true')),variables('sourcesWithSubAssessments'),variables('sourcesWithoutSubAssessments').sources)]"
+ },
+ "resources": [
+ {
+ "condition": "[equals(parameters('enableAscForStorage'), 'DeployIfNotExists')]",
+ "type": "Microsoft.Security/pricings",
+ "apiVersion": "2023-01-01",
+ "name": "StorageAccounts",
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "DefenderForStorageV2",
+ "extensions": [
+ {
+ "name": "OnUploadMalwareScanning",
+ "isEnabled": "True",
+ "additionalExtensionProperties": {
+ "CapGBPerMonthPerStorageAccount": "5000"
+ }
+ },
+ {
+ "name": "SensitiveDataDiscovery",
+ "isEnabled": "True"
+ }
+ ]
+ }
+ },
+ {
+ "condition": "[equals(parameters('enableAscForServers'), 'DeployIfNotExists')]",
+ "type": "Microsoft.Security/pricings",
+ "apiVersion": "2023-01-01",
+ "name": "VirtualMachines",
+ "dependsOn": [
+ "[resourceId('Microsoft.Security/pricings', 'StorageAccounts')]"
+ ],
+ "properties": {
+ "pricingTier": "Standard",
+ "subPlan": "P2",
+ "resourcesCoverageStatus": "FullyCovered"
+ }
+ },
+ {
+ "condition": "[equals(parameters('enableAscForSql'), 'DeployIfNotExists')]",
+ "type": "Microsoft.Security/pricings",
+ "apiVersion": "2023-01-01",
+ "name": "SqlServers",
+ "dependsOn": [
+ "[resourceId('Microsoft.Security/pricings', 'VirtualMachines')]"
+ ],
+ "properties": {
+ "pricingTier": "Standard"
+ }
+ },
+ {
+ "condition": "[equals(parameters('enableAscForAppServices'), 'DeployIfNotExists')]",
+ "type": "Microsoft.Security/pricings",
+ "apiVersion": "2023-01-01",
+ "name": "AppServices", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'SqlServers')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForSqlOnVm'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "SqlServerVirtualMachines", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'AppServices')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForContainers'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "Containers", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'SqlServerVirtualMachines')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForKeyVault'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "KeyVaults", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'Containers')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForArm'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "Arm", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'KeyVaults')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForOssDb'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "OpenSourceRelationalDatabases", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'Arm')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForCosmosDbs'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "CosmosDbs", + "dependsOn": [ 
+ "[resourceId('Microsoft.Security/pricings', 'OpenSourceRelationalDatabases')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForCspm'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "CloudPosture", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'CosmosDbs')]" + ], + "properties": { + "pricingTier": "Standard" + } + }, + { + "condition": "[equals(parameters('enableAscForApis'), 'DeployIfNotExists')]", + "type": "Microsoft.Security/pricings", + "apiVersion": "2023-01-01", + "name": "Api", + "dependsOn": [ + "[resourceId('Microsoft.Security/pricings', 'CloudPosture')]" + ], + "properties": { + "pricingTier": "Standard", + "subPlan": "P1" + } + }, + { + "type": "Microsoft.Security/securityContacts", + "apiVersion": "2020-01-01-preview", + "name": "default", + "properties": { + "description": "Defender for Cloud security contacts", + "emails": "[parameters('emailContactAsc')]", + "notificationsByRole": { + "state": "On", + "roles": [ + "Owner" + ] + }, + "alertNotifications": { + "state": "On", + "minimalSeverity": "Medium" + } + } + }, + { + "name": "[parameters('resourceGroupName')]", + "type": "Microsoft.Resources/resourceGroups", + "apiVersion": "2019-10-01", + "location": "[parameters('resourceGroupLocation')]" + }, + { + "type": "Microsoft.Resources/deployments", + "apiVersion": "2019-10-01", + "name": "[concat('nestedAutomationDeployment', '_', parameters('guidValue'))]", + "resourceGroup": "[parameters('resourceGroupName')]", + "dependsOn": [ + "[resourceId('Microsoft.Resources/resourceGroups/', parameters('resourceGroupName'))]" + ], + "properties": { + "mode": "Incremental", + "template": { + "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#", + "contentVersion": "1.0.0.0", + "parameters": {}, + "variables": {}, + "resources": [ + { + "tags": {}, + "apiVersion": 
"2019-01-01-preview", + "location": "[parameters('resourceGroupLocation')]", + "name": "ExportToWorkspace", + "type": "Microsoft.Security/automations", + "dependsOn": [], + "properties": { + "description": "Export Microsoft Defender for Cloud data to Log Analytics workspace via policy", + "isEnabled": true, + "scopes": [ + { + "description": "[replace(variables('scopeDescription'),'{0}', subscription().subscriptionId)]", + "scopePath": "[subscription().id]" + } + ], + "sources": "[variables('sources')]", + "actions": [ + { + "actionType": "Workspace", + "workspaceResourceId": "[parameters('logAnalyticsResourceId')]" + } + ] + } + } + ] + } + } + } + ], + "outputs": {} +} \ No newline at end of file diff --git a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json index e42d6a8f66..7fef29646c 100644 --- a/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json +++ b/src/resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json @@ -13,10 +13,7 @@ "category": "Compute", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ - "AzureCloud", - "AzureChinaCloud", - "AzureUSGovernment" - ] + "AzureCloud" ] }, "parameters": { "time": { diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json index 5cb86665e4..8b402911cb 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json 
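Review bot: In the `alzCloudEnvironments` change of Deploy-Vm-autoShutdown.json, the added line `"AzureCloud" ]` puts the closing bracket on the same line as the one remaining entry, whereas the removed lines had `]` on its own line. Keep `"AzureCloud"` and `]` on separate lines so the next edit to this list stays a one-line diff. The hunk also drops `AzureChinaCloud` and `AzureUSGovernment` for this policy and nothing on this page says why; a sentence in the commit description would tell operators in those clouds whether the policy is no longer supported there or was only moved.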
@@ -1,5 +1,5 @@ { - "name": "Deny-PublicPaaSEndpoints", + "name": "Deny-PublicPaaSEndpoints-AzureChinaCloud", "type": "Microsoft.Authorization/policySetDefinitions", "apiVersion": "2021-06-01", "scope": null, @@ -20,7 +20,7 @@ "type": "String", "metadata": { "displayName": "Public network access should be disabled for CosmosDB", - "description": "This policy denies that Cosmos database accounts are created with out public network access is disabled." + "description": "This policy denies that Cosmos database accounts are created with out public network access is disabled." }, "allowedValues": [ "Audit", @@ -85,7 +85,7 @@ "type": "String", "metadata": { "displayName": "Public network access on Azure Container Registry disabled", - "description": "This policy denies the creation of Azure Container Registires with exposed public endpoints " + "description": "This policy denies the creation of Azure Container Registries with exposed public endpoints " }, "allowedValues": [ "Audit", diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json index ee18af091c..880d6ef31a 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json @@ -1,5 +1,5 @@ { - "name": "Deploy-Diagnostics-LogAnalytics", + "name": "Deploy-Diagnostics-LogAnalytics-AzureChinaCloud", "type": "Microsoft.Authorization/policySetDefinitions", "apiVersion": "2021-06-01", "scope": null, diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json index 130a3b563d..f14b18081c 100644 
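Review bot: Changing `name` from `Deny-PublicPaaSEndpoints` to `Deny-PublicPaaSEndpoints-AzureChinaCloud` gives the initiative a new resource ID, and nothing in this hunk moves existing assignments over to it. If an assignment elsewhere still references the old name, the deny rules either keep running from a definition that no longer receives updates or stop applying once the old definition is removed. The assignment files are not visible from here, so please confirm they are updated in the same change. The same applies to the `name` changes in Deploy-Diagnostics-LogAnalytics, Deploy-MDFC-Config and Deploy-Private-DNS-Zones further down.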
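Review bot: The Cosmos DB `description` touched in the `-20,7` hunk still reads "created with out public network access is disabled", which does not parse as a sentence. Since the line is being rewritten anyway, reword it to `"description": "This policy denies the creation of Cosmos database accounts that do not have public network access disabled."`. The Container Registry description in the `-85,7` hunk fixes the spelling but keeps the trailing space after "endpoints".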
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json @@ -1,5 +1,5 @@ { - "name": "Deploy-MDFC-Config", + "name": "Deploy-MDFC-Config-AzureChinaCloud", "type": "Microsoft.Authorization/policySetDefinitions", "apiVersion": "2021-06-01", "scope": null, diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json index fc77ee5981..d0b0bb9424 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json @@ -1,5 +1,5 @@ { - "name": "Deploy-Private-DNS-Zones", + "name": "Deploy-Private-DNS-Zones-AzureChinaCloud", "type": "Microsoft.Authorization/policySetDefinitions", "apiVersion": "2021-06-01", "scope": null, @@ -8,7 +8,7 @@ "displayName": "Configure Azure PaaS services to use private DNS zones", "description": "This policy initiative is a group of policies that ensures private endpoints to Azure PaaS services are integrated with Azure Private DNS zones", "metadata": { - "version": "1.0.1", + "version": "1.1.0", "category": "Network", "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ 
@@ -25,42 +25,268 @@ "description": "Private DNS Zone Identifier" } }, - "azureWebPrivateDnsZoneId": { + "azureAutomationWebhookPrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureWebPrivateDnsZoneId", + "displayName": "azureAutomationWebhookPrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, - "azureBatchPrivateDnsZoneId": { + "azureAutomationDSCHybridPrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureBatchPrivateDnsZoneId", + "displayName": "azureAutomationDSCHybridPrivateDnsZoneId", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, - "azureAppPrivateDnsZoneId": { + "azureCosmosSQLPrivateDnsZoneId": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureAppPrivateDnsZoneId", + "displayName": "azureCosmosSQLPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureCosmosMongoPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureCosmosMongoPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureCosmosCassandraPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureCosmosCassandraPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureCosmosGremlinPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureCosmosGremlinPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureCosmosTablePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": 
"azureCosmosTablePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureDataFactoryPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureDataFactoryPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureDataFactoryPortalPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureDataFactoryPortalPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureHDInsightPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureHDInsightPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageBlobPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageBlobPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageBlobSecPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageBlobSecPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageQueuePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageQueuePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageQueueSecPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageQueueSecPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + 
"azureStorageFilePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageFilePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageStaticWebPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageStaticWebPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageStaticWebSecPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageStaticWebSecPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageDFSPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageDFSPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageDFSSecPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageDFSSecPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureSynapseSQLPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureSynapseSQLPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureSynapseSQLODPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureSynapseSQLODPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureSynapseDevPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureSynapseDevPrivateDnsZoneId", + 
"strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureMonitorPrivateDnsZoneId1": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureMonitorPrivateDnsZoneId1", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureMonitorPrivateDnsZoneId2": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureMonitorPrivateDnsZoneId2", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureMonitorPrivateDnsZoneId3": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureMonitorPrivateDnsZoneId3", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureMonitorPrivateDnsZoneId4": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureMonitorPrivateDnsZoneId4", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, - "azureAsrPrivateDnsZoneId": { + "azureMonitorPrivateDnsZoneId5": { "type": "string", "defaultValue": "", "metadata": { - "displayName": "azureAsrPrivateDnsZoneId", + "displayName": "azureMonitorPrivateDnsZoneId5", "strongType": "Microsoft.Network/privateDnsZones", "description": "Private DNS Zone Identifier" } }, + "azureBatchPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureBatchPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureAppPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureAppPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureIotPrivateDnsZoneId": { "type": "string", "defaultValue": "", 
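Review bot: Every parameter added in this hunk carries the same `description`, "Private DNS Zone Identifier", so whoever fills in the assignment gets no hint which zone belongs in which field; `azureMonitorPrivateDnsZoneId1` to `azureMonitorPrivateDnsZoneId5` are the hardest to tell apart. Name the service or endpoint type in each description, for example `"description": "Private DNS zone ID for Cosmos DB (MongoDB) private endpoints"` on `azureCosmosMongoPrivateDnsZoneId`. Each parameter also defaults to `""` while `effect`, declared later in the file, defaults to `DeployIfNotExists`; what the referenced policies do with an empty zone ID is not visible here and is worth checking before this ships. The `parameters` object starts before and continues after this hunk.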
@@ -124,110 +350,479 @@ "description": "Private DNS Zone Identifier" } }, - "azureIotHubsPrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureIotHubsPrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + "azureIotHubsPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureIotHubsPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureEventGridDomainsPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureEventGridDomainsPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureRedisCachePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureRedisCachePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureAcrPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureAcrPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureEventHubNamespacePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureEventHubNamespacePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureMachineLearningWorkspacePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureMachineLearningWorkspacePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureMachineLearningWorkspaceSecondPrivateDnsZoneId": { + "type": "string", + "defaultValue": 
"", + "metadata": { + "displayName": "azureMachineLearningWorkspaceSecondPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureServiceBusNamespacePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureServiceBusNamespacePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureCognitiveSearchPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureCognitiveSearchPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureVirtualDesktopHostpoolPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureVirtualDesktopHostpoolPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureVirtualDesktopWorkspacePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureVirtualDesktopWorkspacePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageTablePrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageTablePrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureStorageTableSecondaryPrivateDnsZoneId": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureStorageTableSecondaryPrivateDnsZoneId", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureSiteRecoveryBackupPrivateDnsZoneID": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": 
"azureSiteRecoveryBackupPrivateDnsZoneID", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureSiteRecoveryBlobPrivateDnsZoneID": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureSiteRecoveryBlobPrivateDnsZoneID", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "azureSiteRecoveryQueuePrivateDnsZoneID": { + "type": "string", + "defaultValue": "", + "metadata": { + "displayName": "azureSiteRecoveryQueuePrivateDnsZoneID", + "strongType": "Microsoft.Network/privateDnsZones", + "description": "Private DNS Zone Identifier" + } + }, + "effect": { + "type": "string", + "metadata": { + "displayName": "Effect", + "description": "Enable or disable the execution of the policy" + }, + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ], + "defaultValue": "DeployIfNotExists" + }, + "effect1": { + "type": "string", + "metadata": { + "displayName": "Effect", + "description": "Enable or disable the execution of the policy" + }, + "allowedValues": [ + "deployIfNotExists", + "Disabled" + ], + "defaultValue": "deployIfNotExists" + } + }, + "policyDefinitions": [ + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-File-Sync", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/06695360-db88-47f6-b976-7500d4297475", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureFilePrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Automation-Webhook", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureAutomationWebhookPrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "Webhook" + }, + "effect": { + 
"value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Automation-DSCHybrid", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6dd01e4f-1be1-4e80-9d0b-d109e04cb064", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureAutomationDSCHybridPrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "DSCAndHybridWorker" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-SQL", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureCosmosSQLPrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "SQL" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-MongoDB", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureCosmosMongoPrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "MongoDB" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Cassandra", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureCosmosCassandraPrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "Cassandra" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Gremlin", + "policyDefinitionId": 
"/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureCosmosGremlinPrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "Gremlin" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Cosmos-Table", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a63cc0bd-cda4-4178-b705-37dc439d3e0f", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureCosmosTablePrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "Table" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-DataFactory", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureDataFactoryPrivateDnsZoneId')]" + }, + "listOfGroupIds": { + "value": [ + "dataFactory" + ] + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-DataFactory-Portal", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/86cd96e1-1745-420d-94d4-d3f2fe415aa4", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureDataFactoryPortalPrivateDnsZoneId')]" + }, + "listOfGroupIds": { + "value": [ + "portal" + ] + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-HDInsight", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/43d6e3bd-fc6a-4b44-8b4d-2151d8736a11", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureHDInsightPrivateDnsZoneId')]" + }, + "groupId": { 
+ "value": "cluster" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] }, - "azureEventGridDomainsPrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureEventGridDomainsPrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Blob", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75973700-529f-4de2-b794-fb9b6781b6b0", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageBlobPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] }, - "azureRedisCachePrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureRedisCachePrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Blob-Sec", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d847d34b-9337-4e2d-99a5-767e5ac9c582", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageBlobSecPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] }, - "azureAcrPrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureAcrPrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Queue", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bcff79fb-2b0d-47c9-97e5-3023479b00d1", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageQueuePrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + 
} + }, + "groupNames": [] }, - "azureEventHubNamespacePrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureEventHubNamespacePrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Queue-Sec", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da9b4ae8-5ddc-48c5-b9c0-25f8abf7a3d6", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageQueueSecPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] }, - "azureMachineLearningWorkspacePrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureMachineLearningWorkspacePrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-File", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6df98d03-368a-4438-8730-a93c4d7693d6", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageFilePrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] }, - "azureServiceBusNamespacePrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureServiceBusNamespacePrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-StaticWeb", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9adab2a5-05ba-4fbd-831a-5bf958d04218", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageStaticWebPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, 
+ "groupNames": [] }, - "azureCognitiveSearchPrivateDnsZoneId": { - "type": "string", - "defaultValue": "", - "metadata": { - "displayName": "azureCognitiveSearchPrivateDnsZoneId", - "strongType": "Microsoft.Network/privateDnsZones", - "description": "Private DNS Zone Identifier" - } + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-StaticWeb-Sec", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d19ae5f1-b303-4b82-9ca8-7682749faf0c", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageStaticWebSecPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] }, - "effect": { - "type": "string", - "metadata": { - "displayName": "Effect", - "description": "Enable or disable the execution of the policy" + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-DFS", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83c6fe0f-2316-444a-99a1-1ecd8a7872ca", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageDFSPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } }, - "allowedValues": [ - "DeployIfNotExists", - "Disabled" - ], - "defaultValue": "DeployIfNotExists" + "groupNames": [] }, - "effect1": { - "type": "string", - "metadata": { - "displayName": "Effect", - "description": "Enable or disable the execution of the policy" + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-DFS-Sec", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/90bd4cb3-9f59-45f7-a6ca-f69db2726671", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureStorageDFSSecPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } }, - "allowedValues": [ - "deployIfNotExists", - "Disabled" - ], - "defaultValue": "deployIfNotExists" - } - }, - "policyDefinitions": [ + "groupNames": [] + }, { - 
"policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-File-Sync", - "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-File-Sync", + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-SQL", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureFilePrivateDnsZoneId')]" + "value": "[[parameters('azureSynapseSQLPrivateDnsZoneId')]" + }, + "targetSubResource": { + "value": "Sql" }, "effect": { "value": "[[parameters('effect')]" @@ -236,11 +831,14 @@ "groupNames": [] }, { - "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-Web", - "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-Web", + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-SQL-OnDemand", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureWebPrivateDnsZoneId')]" + "value": "[[parameters('azureSynapseSQLODPrivateDnsZoneId')]" + }, + "targetSubResource": { + "value": "SqlOnDemand" }, "effect": { "value": "[[parameters('effect')]" 
@@ -249,11 +847,14 @@ "groupNames": [] }, { - "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8", + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Synapse-Dev", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e5ed725-f16c-478b-bd4b-7bfa2f7940b9", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureBatchPrivateDnsZoneId')]" + "value": "[[parameters('azureSynapseDevPrivateDnsZoneId')]" + }, + "targetSubResource": { + "value": "Dev" }, "effect": { "value": "[[parameters('effect')]" 
@@ -262,11 +863,36 @@ "groupNames": [] }, { - "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-App", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df", + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Monitor", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/437914ee-c176-4fff-8986-7e05eb971365", + "parameters": { + "privateDnsZoneId1": { + "value": "[[parameters('azureMonitorPrivateDnsZoneId1')]" + }, + "privateDnsZoneId2": { + "value": "[[parameters('azureMonitorPrivateDnsZoneId2')]" + }, + "privateDnsZoneId3": { + "value": "[[parameters('azureMonitorPrivateDnsZoneId3')]" + }, + "privateDnsZoneId4": { + "value": "[[parameters('azureMonitorPrivateDnsZoneId4')]" + }, + "privateDnsZoneId5": { + "value": "[[parameters('azureMonitorPrivateDnsZoneId5')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Batch", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4ec38ebc-381f-45ee-81a4-acbc4be878f8", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAppPrivateDnsZoneId')]" + "value": "[[parameters('azureBatchPrivateDnsZoneId')]" }, "effect": { "value": "[[parameters('effect')]" @@ -275,11 +901,11 @@ "groupNames": [] }, { - "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Site-Recovery", - "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/942bd215-1a66-44be-af65-6a1c0318dbe2", + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-App", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/7a860e27-9ca2-4fc6-822d-c2d248c300df", "parameters": { "privateDnsZoneId": { - "value": "[[parameters('azureAsrPrivateDnsZoneId')]" + "value": "[[parameters('azureAppPrivateDnsZoneId')]" }, "effect": { "value": "[[parameters('effect')]" 
@@ -287,6 +913,7 @@ }, "groupNames": [] }, + { "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-IoT", "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/aaa64d2d-2fa3-45e5-b332-0b031b9b30e8", @@ -301,8 +928,8 @@ "groupNames": [] }, { - "policyDefinitionReferenceId": "Deploy-Private-DNS-Azure-KeyVault", - "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Private-DNS-Azure-KeyVault", + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-KeyVault", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01d4", "parameters": { "privateDnsZoneId": { "value": "[[parameters('azureKeyVaultPrivateDnsZoneId')]" @@ -450,6 +1077,9 @@ "privateDnsZoneId": { "value": "[[parameters('azureMachineLearningWorkspacePrivateDnsZoneId')]" }, + "secondPrivateDnsZoneId": { + "value": "[[parameters('azureMachineLearningWorkspaceSecondPrivateDnsZoneId')]" + }, "effect": { "value": "[[parameters('effect')]" } 
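Review bot: In the `@@ -301,8 +928,8 @@` hunk the KeyVault member's `policyDefinitionReferenceId` changes from `Deploy-Private-DNS-Azure-KeyVault` to `DINE-Private-DNS-Azure-KeyVault`, along with the switch to the built-in definition. Anything that addresses the member by its old reference ID, such as policy exemptions that list `policyDefinitionReferenceIds` or per-member compliance queries, will presumably stop matching once the updated set is deployed. Nothing in the visible hunks records the rename, so the upgrade notes should list the old and new reference IDs so operators can re-point exemptions before rolling the set out. The entry's closing lines fall outside this hunk.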
@@ -481,6 +1111,78 @@ } }, "groupNames": [] + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-VirtualDesktopHostpool", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/9427df23-0f42-4e1e-bf99-a6133d841c4a", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureVirtualDesktopHostpoolPrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "connection" + }, + "effect": { + "value": "[[parameters('effect')]" + } + } + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-VirtualDesktopWorkspace", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34804460-d88b-4922-a7ca-537165e060ed", + "parameters": { + "privateDnsZoneId": { + "value": "[[parameters('azureVirtualDesktopWorkspacePrivateDnsZoneId')]" + }, + "privateEndpointGroupId": { + "value": "feed" + }, + "effect": { + "value": "[[parameters('effect')]" + } + } + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Table", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/028bbd88-e9b5-461f-9424-a1b63a7bee1a", + "parameters":{ + "privateDnsZoneId": { + "value": "[[parameters('azureStorageTablePrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + } + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Storage-Table-Secondary", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c1d634a5-f73d-4cdd-889f-2cc7006eb47f", + "parameters":{ + "privateDnsZoneId": { + "value": "[[parameters('azureStorageTableSecondaryPrivateDnsZoneId')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + } + }, + { + "policyDefinitionReferenceId": "DINE-Private-DNS-Azure-Site-Recovery-Backup", + "policyDefinitionId":"/providers/Microsoft.Authorization/policyDefinitions/af783da1-4ad1-42be-800d-d19c70038820", + "parameters":{ + "privateDnsZone-Backup": { + "value": 
"[[parameters('azureSiteRecoveryBackupPrivateDnsZoneID')]" + }, + "privateDnsZone-Blob": { + "value": "[[parameters('azureSiteRecoveryBlobPrivateDnsZoneID')]" + }, + "privateDnsZone-Queue": { + "value": "[[parameters('azureSiteRecoveryQueuePrivateDnsZoneID')]" + }, + "effect": { + "value": "[[parameters('effect')]" + } + } } ], "policyDefinitionGroups": null diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json new file mode 100644 index 0000000000..33878569b9 --- /dev/null +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json 
@@ -0,0 +1,44 @@ +{ + "name": "Enforce-ALZ-Decomm-AzureChinaCloud", + "type": "Microsoft.Authorization/policySetDefinitions", + "apiVersion": "2021-06-01", + "scope": null, + "properties": { + "policyType": "Custom", + "displayName": "Enforce policies in the Decommissioned Landing Zone", + "description": "Enforce policies in the Decommissioned Landing Zone.", + "metadata": { + "version": "1.0.0", + "category": "Decommissioned", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureChinaCloud" + ] + }, + "parameters": { + "listOfResourceTypesAllowed":{ + "type": "Array", + "defaultValue": [], + "metadata": { + "displayName": "Allowed resource types in the Decommissioned landing zone", + "description": "Allowed resource types in the Decommissioned landing zone, default is none.", + "strongType": "resourceTypes" + } + } + }, + "policyDefinitions": [ + { + "policyDefinitionReferenceId": "DecomDenyResources", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c", + "parameters": { + "listOfResourceTypesAllowed": { + "value": "[[parameters('listOfResourceTypesAllowed')]" + } + }, + "groupNames": [] + } + ], + "policyDefinitionGroups": null + } + } + \ No newline at end of file diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json index a2eaa786d5..aca3514063 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json @@ -13,7 +13,6 @@ "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ "AzureCloud", - "AzureChinaCloud", "AzureUSGovernment" ] }, 
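Review bot: The new `Enforce-ALZ-Decomm.AzureChinaCloud.json` appears to end with a whitespace-only added line and no final newline (the `\ No newline at end of file` marker after the last `+`). The sibling `Enforce-Backup.AzureChinaCloud.json` added in the same commit ends on its closing `}` with a newline. Drop the trailing blank line and end the file with `}` followed by a newline, so later edits to this file do not show a spurious change on the last line.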
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json new file mode 100644 index 0000000000..81a7305a7a --- /dev/null +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json 
@@ -0,0 +1,75 @@ +{ + "name": "Enforce-Backup-AzureChinaCloud", + "type": "Microsoft.Authorization/policySetDefinitions", + "apiVersion": "2021-06-01", + "scope": null, + "properties": { + "policyType": "Custom", + "displayName": "Enforce enhanced recovery and backup policies", + "description": "Enforce enhanced recovery and backup policies on assigned scopes.", + "metadata": { + "version": "1.0.0", + "category": "Backup", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureChinaCloud" + ] + }, + "version": "1.0.0", + "parameters": { + "effect": { + "type": "String", + "metadata": { + "displayName": "Effect", + "description": "Enable or disable the execution of the policy." + }, + "allowedValues": [ + "Audit", + "Disabled" + ], + "defaultValue": "Audit" + }, + "checkLockedImmutabilityOnly": { + "type": "Boolean", + "metadata": { + "displayName": "checkLockedImmutabilityOnly", + "description": "This parameter checks if Immutability is locked for Backup Vaults in scope. Selecting 'true' will mark only vaults with Immutability 'Locked' as compliant. Selecting 'false' will mark vaults that have Immutability either 'Enabled' or 'Locked' as compliant." 
+ }, + "allowedValues": [ + true, + false + ], + "defaultValue": false + } + }, + "policyDefinitions": [ + { + "policyDefinitionReferenceId": "BackupBVault-Immutability", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2514263b-bc0d-4b06-ac3e-f262c0979018", + "parameters": { + "effect": { + "value": "[[parameters('effect')]" + }, + "checkLockedImmutabiltyOnly": { + "value": "[[parameters('checkLockedImmutabilityOnly')]" + } + }, + "groupNames": [] + }, + { + "policyDefinitionReferenceId": "BackupRVault-Immutability", + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6f6f560-14b7-49a4-9fc8-d2c3a9807868", + "parameters": { + "effect": { + "value": "[[parameters('effect')]" + }, + "checkLockedImmutabilityOnly": { + "value": "[[parameters('checkLockedImmutabilityOnly')]" + } + }, + "groupNames": [] + } + ], + "policyDefinitionGroups": null + } +} diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json new file mode 100644 index 0000000000..f4b27dca27 --- /dev/null +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json 
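Review bot: In the new `Enforce-Backup.AzureChinaCloud.json`, the `BackupBVault-Immutability` member receives the flag under the key `checkLockedImmutabiltyOnly` (no second "i" in "Immutability"), while `BackupRVault-Immutability` and the set's own parameter use `checkLockedImmutabilityOnly`. The key has to match the parameter name declared by the referenced built-in definition, which is not visible here, so please confirm the odd spelling is the built-in's own. If it is, say so in the set's `description`, since JSON has no comments and a well-meant spelling fix would break the set. Separately, the defaults (`effect` = `Audit`, `checkLockedImmutabilityOnly` = `false`) report a vault whose immutability is enabled but not locked as compliant, and an unlocked setting can still be turned off. The parameter description could recommend `true` where the goal is protecting backups against deletion by a compromised administrator account.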
@@ -0,0 +1,893 @@ +{ + "name": "Enforce-EncryptTransit_20240509-AzureChinaCloud", + "type": "Microsoft.Authorization/policySetDefinitions", + "apiVersion": "2021-06-01", + "scope": null, + "properties": { + "policyType": "Custom", + "displayName": "Deny or Deploy and append TLS requirements and SSL enforcement on resources without Encryption in transit", + "description": "Choose either Deploy if not exist and append in combination with audit or Select Deny in the Policy effect. Deny polices shift left. Deploy if not exist and append enforce but can be changed, and because missing existence condition require then the combination of Audit. ", + "metadata": { + "version": "1.0.0", + "category": "Encryption", + "source": "https://github.com/Azure/Enterprise-Scale/", + "replacesPolicy": "Enforce-EncryptTransit", + "alzCloudEnvironments": [ + "AzureChinaCloud" + ] + }, + "parameters": { + "AppServiceHttpEffect": { + "type": "String", + "defaultValue": "Append", + "allowedValues": [ + "Append", + "Disabled" + ], + "metadata": { + "displayName": "App Service. Appends the AppService sites config WebApp, APIApp, Function App with TLS version selected below", + "description": "Append the AppService sites object to ensure that min Tls version is set to required TLS version. Please note Append does not enforce compliance use then deny." + } + }, + "AppServiceTlsVersionEffect": { + "type": "String", + "defaultValue": "Append", + "allowedValues": [ + "Append", + "Disabled" + ], + "metadata": { + "displayName": "App Service. Appends the AppService WebApp, APIApp, Function App to enable https only", + "description": "App Service. Appends the AppService sites object to ensure that HTTPS only is enabled for server/service authentication and protects data in transit from network layer eavesdropping attacks. Please note Append does not enforce compliance use then deny." 
+ } + }, + "AppServiceminTlsVersion": { + "type": "String", + "defaultValue": "1.2", + "allowedValues": [ + "1.2", + "1.0", + "1.1" + ], + "metadata": { + "displayName": "App Service. Select version minimum TLS Web App config", + "description": "App Service. Select version minimum TLS version for a Web App config to enforce" + } + }, + "APIAppServiceHttpsEffect": { + "metadata": { + "displayName": "App Service API App. API App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.", + "description": "Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks." + }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ] + }, + "FunctionLatestTlsEffect": { + "metadata": { + "displayName": "App Service Function App. Latest TLS version should be used in your Function App", + "description": "Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version." + }, + "type": "String", + "defaultValue": "AuditIfNotExists", + "allowedValues": [ + "AuditIfNotExists", + "Disabled" + ] + }, + "FunctionServiceHttpsEffect": { + "metadata": { + "displayName": "App Service Function App. Function App should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.", + "description": "App Service Function App. Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks." + }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ] + }, + "FunctionAppTlsEffect": { + "metadata": { + "displayName": "App Service Function App. Configure Function apps to use the latest TLS version.", + "description": "App Service Function App. 
Periodically, newer versions are released for TLS either due to security flaws, include additional functionality, and enhance speed. Upgrade to the latest TLS version for Function apps to take advantage of security fixes, if any, and/or new functionalities of the latest version." + }, + "type": "string", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "LogicAppTlsEffect": { + "type": "string", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "WebAppServiceLatestTlsEffect": { + "metadata": { + "displayName": "App Service Web App. Latest TLS version should be used in your Web App", + "description": "Only Audit, deny not possible as it is a related resource. Upgrade to the latest TLS version." + }, + "type": "String", + "defaultValue": "AuditIfNotExists", + "allowedValues": [ + "AuditIfNotExists", + "Disabled" + ] + }, + "WebAppServiceHttpsEffect": { + "metadata": { + "displayName": "App Service Web App. Web Application should only be accessible over HTTPS. Choose Deny or Audit in combination with Append policy.", + "description": "Choose Deny or Audit in combination with Append policy. Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks." + }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ] + }, + "AKSIngressHttpsOnlyEffect": { + "metadata": { + "displayName": "AKS Service. Enforce HTTPS ingress in Kubernetes cluster", + "description": "This policy enforces HTTPS ingress in a Kubernetes cluster. This policy is generally available for Kubernetes Service (AKS), and preview for AKS Engine and Azure Arc enabled Kubernetes. For instructions on using this policy, visit https://aka.ms/kubepolicydoc." 
+ }, + "type": "String", + "defaultValue": "deny", + "allowedValues": [ + "audit", + "deny", + "disabled" + ] + }, + "MySQLEnableSSLDeployEffect": { + "type": "String", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ], + "metadata": { + "displayName": "MySQL database servers. Deploy if not exist set minimum TLS version Azure Database for MySQL server", + "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for MySQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server." + } + }, + "MySQLEnableSSLEffect": { + "metadata": { + "displayName": "MySQL database servers. Enforce SSL connection should be enabled for MySQL database servers", + "description": "Azure Database for MySQL supports connecting your Azure Database for MySQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server." + }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ] + }, + "MySQLminimalTlsVersion": { + "type": "String", + "defaultValue": "TLS1_2", + "allowedValues": [ + "TLS1_2", + "TLS1_0", + "TLS1_1", + "TLSEnforcementDisabled" + ], + "metadata": { + "displayName": "MySQL database servers. 
Select version minimum TLS for MySQL server", + "description": "Select version minimum TLS version Azure Database for MySQL server to enforce" + } + }, + "PostgreSQLEnableSSLDeployEffect": { + "type": "String", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ], + "metadata": { + "displayName": "PostgreSQL database servers. Deploy if not exist set minimum TLS version Azure Database for PostgreSQL server", + "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Database for PostgreSQL server. Enforce the Server to client applications using minimum version of Tls to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server." + } + }, + "PostgreSQLEnableSSLEffect": { + "metadata": { + "displayName": "PostgreSQL database servers. Enforce SSL connection should be enabled for PostgreSQL database servers", + "description": "Azure Database for PostgreSQL supports connecting your Azure Database for PostgreSQL server to client applications using Secure Sockets Layer (SSL). Enforcing SSL connections between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server." + }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ] + }, + "PostgreSQLminimalTlsVersion": { + "type": "String", + "defaultValue": "TLS1_2", + "allowedValues": [ + "TLS1_2", + "TLS1_0", + "TLS1_1", + "TLSEnforcementDisabled" + ], + "metadata": { + "displayName": "PostgreSQL database servers. 
Select version minimum TLS for MySQL server", + "description": "PostgreSQL database servers. Select version minimum TLS version Azure Database for MySQL server to enforce" + } + }, + "RedisTLSDeployEffect": { + "type": "String", + "defaultValue": "Append", + "allowedValues": [ + "Append", + "Disabled" + ], + "metadata": { + "displayName": "Azure Cache for Redis. Deploy a specific min TLS version requirement and enforce SSL Azure Cache for Redis", + "description": "Deploy a specific min TLS version requirement and enforce SSL on Azure Cache for Redis. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server." + } + }, + "RedisMinTlsVersion": { + "type": "String", + "defaultValue": "1.2", + "allowedValues": [ + "1.2", + "1.0", + "1.1" + ], + "metadata": { + "displayName": "Azure Cache for Redis.Select version minimum TLS for Azure Cache for Redis", + "description": "Select version minimum TLS version for a Azure Cache for Redis to enforce" + } + }, + "RedisTLSEffect": { + "metadata": { + "displayName": "Azure Cache for Redis. Only secure connections to your Azure Cache for Redis should be enabled", + "description": "Azure Cache for Redis. Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking." 
+ }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "SQLManagedInstanceTLSDeployEffect": { + "type": "String", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ], + "metadata": { + "displayName": "Azure Managed Instance. Deploy a specific min TLS version requirement and enforce SSL on SQL servers", + "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server." + } + }, + "SQLManagedInstanceMinTlsVersion": { + "type": "String", + "defaultValue": "1.2", + "allowedValues": [ + "1.2", + "1.0", + "1.1" + ], + "metadata": { + "displayName": "Azure Managed Instance.Select version minimum TLS for Azure Managed Instance", + "description": "Select version minimum TLS version for Azure Managed Instanceto to enforce" + } + }, + "SQLManagedInstanceTLSEffect": { + "metadata": { + "displayName": "SQL Managed Instance should have the minimal TLS version of 1.2", + "description": "Setting minimal TLS version to 1.2 improves security by ensuring your SQL Managed Instance can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities." + }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ] + }, + "SQLServerTLSDeployEffect": { + "type": "String", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ], + "metadata": { + "displayName": "Azure SQL Database. 
Deploy a specific min TLS version requirement and enforce SSL on SQL servers", + "description": "Deploy a specific min TLS version requirement and enforce SSL on SQL servers. Enables secure server to client by enforce minimal Tls Version to secure the connection between your database server and your client applications helps protect against 'man in the middle' attacks by encrypting the data stream between the server and your application. This configuration enforces that SSL is always enabled for accessing your database server." + } + }, + "SQLServerminTlsVersion": { + "type": "String", + "defaultValue": "1.2", + "allowedValues": [ + "1.2", + "1.0", + "1.1" + ], + "metadata": { + "displayName": "Azure SQL Database.Select version minimum TLS for Azure SQL Database", + "description": "Select version minimum TLS version for Azure SQL Database to enforce" + } + }, + "SQLServerTLSEffect": { + "metadata": { + "displayName": "Azure SQL Database should have the minimal TLS version of 1.2", + "description": "Setting minimal TLS version to 1.2 improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities." + }, + "type": "String", + "defaultValue": "Audit", + "allowedValues": [ + "Audit", + "Disabled", + "Deny" + ] + }, + "StorageDeployHttpsEnabledEffect": { + "metadata": { + "displayName": "Azure Storage Account. Deploy Secure transfer to storage accounts should be enabled", + "description": "Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). 
Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking" + }, + "type": "String", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "StorageminimumTlsVersion": { + "type": "String", + "defaultValue": "TLS1_2", + "allowedValues": [ + "TLS1_2", + "TLS1_1", + "TLS1_0" + ], + "metadata": { + "displayName": "Storage Account select minimum TLS version", + "description": "Select version minimum TLS version on Azure Storage Account to enforce" + } + }, + "logicAppHttpsEffect": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "appServiceAppsTls": { + "type": "string", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "functionAppSlotsTls": { + "type": "string", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "appServiceAppsHttps": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "appServiceTls": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "appServiceAppSlotTls": { + "type": "string", + "defaultValue": "DeployIfNotExists", + "allowedValues": [ + "DeployIfNotExists", + "Disabled" + ] + }, + "functionAppSlotsHttps": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "functionAppHttps": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "appServiceAppSlotsHttps": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "eventHubMinTls": { + "type": "string", + "defaultValue": "Deny", + 
"allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "sqlManagedTlsVersion": {
+ "type": "string",
+ "defaultValue": "Audit",
+ "allowedValues": [
+ "Audit",
+ "Disabled"
+ ]
+ },
+ "sqlDbTls": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "storageAccountsTls": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "synapseTlsVersion": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionReferenceId": "AppServiceHttpEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-httpsonly",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('AppServiceHttpEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "AppServiceminTlsVersion",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-AppService-latestTLS",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('AppServiceTlsVersionEffect')]"
+ },
+ "minTlsVersion": {
+ "value": "[[parameters('AppServiceminTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "FunctionLatestTlsEffect",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f9d614c5-c173-4d56-95a7-b4437057d193",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('FunctionLatestTlsEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "WebAppServiceLatestTlsEffect",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('WebAppServiceLatestTlsEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "APIAppServiceHttpsEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceApiApp-http",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('APIAppServiceHttpsEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "FunctionServiceHttpsEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceFunctionApp-http",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('FunctionServiceHttpsEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "WebAppServiceHttpsEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppServiceWebApp-http",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('WebAppServiceHttpsEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "AKSIngressHttpsOnlyEffect",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('AKSIngressHttpsOnlyEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "MySQLEnableSSLDeployEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-MySQL-sslEnforcement",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('MySQLEnableSSLDeployEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('MySQLminimalTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "MySQLEnableSSLEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MySql-http",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('MySQLEnableSSLEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('MySQLminimalTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "PostgreSQLEnableSSLDeployEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-PostgreSQL-sslEnforcement",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('PostgreSQLEnableSSLDeployEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('PostgreSQLminimalTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "PostgreSQLEnableSSLEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-PostgreSql-http",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('PostgreSQLEnableSSLEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('PostgreSQLminimalTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "RedisTLSDeployEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-sslEnforcement",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('RedisTLSDeployEffect')]"
+ },
+ "minimumTlsVersion": {
+ "value": "[[parameters('RedisMinTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "RedisdisableNonSslPort",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Append-Redis-disableNonSslPort",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('RedisTLSDeployEffect')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "RedisDenyhttps",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Redis-http",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('RedisTLSEffect')]"
+ },
+ "minimumTlsVersion": {
+ "value": "[[parameters('RedisMinTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "SQLManagedInstanceTLSDeployEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('SQLManagedInstanceTLSDeployEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('SQLManagedInstanceMinTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "SQLManagedInstanceTLSEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-SqlMi-minTLS",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('SQLManagedInstanceTLSEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('SQLManagedInstanceMinTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "SQLServerTLSDeployEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-SQL-minTLS",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('SQLServerTLSDeployEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('SQLServerminTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "SQLServerTLSEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Sql-minTLS",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('SQLServerTLSEffect')]"
+ },
+ "minimalTlsVersion": {
+ "value": "[[parameters('SQLServerminTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "StorageDeployHttpsEnabledEffect",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('StorageDeployHttpsEnabledEffect')]"
+ },
+ "minimumTlsVersion": {
+ "value": "[[parameters('StorageMinimumTlsVersion')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "Dine-FunctionApp-Tls",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1f01f1c7-539c-49b5-9ef4-d4ffa37d22e0",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('FunctionAppTlsEffect')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionReferenceId": "Deploy-LogicApp-TLS",
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deploy-LogicApp-TLS",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('LogicAppTlsEffect')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-LogicApps-Without-Https",
+ "policyDefinitionReferenceId": "Deny-LogicApp-Without-Https",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('logicAppHttpsEffect')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fa3a6357-c6d6-4120-8429-855577ec0063",
+ "policyDefinitionReferenceId": "Dine-Function-Apps-Slots-Tls",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('functionAppSlotsTls')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae44c1d1-0df2-4ca9-98fa-a3d3ae5b409d",
+ "policyDefinitionReferenceId": "Dine-AppService-Apps-Tls",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('appServiceAppsTls')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a4af4a39-4135-47fb-b175-47fbdf85311d",
+ "policyDefinitionReferenceId": "Deny-AppService-Apps-Https",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('appServiceAppsHttps')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/d6545c6b-dd9d-4265-91e6-0b451e2f1c50",
+ "policyDefinitionReferenceId": "Deny-AppService-Tls",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('appServiceTls')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/014664e7-e348-41a3-aeb9-566e4ff6a9df",
+ "policyDefinitionReferenceId": "DINE-AppService-AppSlotTls",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('appServiceAppSlotTls')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5e5dbe3f-2702-4ffc-8b1e-0cae008a5c71",
+ "policyDefinitionReferenceId": "Deny-FuncAppSlots-Https",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('functionAppSlotsHttps')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab",
+ "policyDefinitionReferenceId": "Deny-FunctionApp-Https",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('functionAppHttps')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ae1b9a8c-dfce-4605-bd91-69213b4a26fc",
+ "policyDefinitionReferenceId": "Deny-AppService-Slots-Https",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('appServiceAppSlotsHttps')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-EH-minTLS",
+ "policyDefinitionReferenceId": "Deny-EH-minTLS",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('eventHubMinTls')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a8793640-60f7-487c-b5c3-1d37215905c4",
+ "policyDefinitionReferenceId": "Deny-Sql-Managed-Tls-Version",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('sqlManagedTlsVersion')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/32e6bbec-16b6-44c2-be37-c5b672d103cf",
+ "policyDefinitionReferenceId": "Deny-Sql-Db-Tls",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('sqlDbTls')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/fe83a0eb-a853-422d-aac2-1bffd182c5d0",
+ "policyDefinitionReferenceId": "Deny-Storage-Tls",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('storageAccountsTls')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cb3738a6-82a2-4a18-b87b-15217b9deff4",
+ "policyDefinitionReferenceId": "Deny-Synapse-Tls-Version",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('synapseTlsVersion')]"
+ }
+ }
+ }
+ ],
+ "policyDefinitionGroups": null
+ }
+}
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
index 1d96c3c4ba..cc7214c6ed 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json
@@ -14,7 +14,6 @@
 "replacesPolicy": "Enforce-EncryptTransit",
 "alzCloudEnvironments": [
 "AzureCloud",
- "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
index bd78dc311b..f21fb0f251 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json
@@ -1,5 +1,5 @@
 {
- "name": "Enforce-Encryption-CMK",
+ "name": "Enforce-Encryption-CMK-AzureChinaCloud",
 "type": "Microsoft.Authorization/policySetDefinitions",
 "apiVersion": "2021-06-01",
 "scope": null,
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
new file mode 100644
index 0000000000..1451a1d2c5
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json
@@ -0,0 +1,79 @@
+{
+ "name": "Enforce-Guardrails-Automation-AzureChinaCloud",
+ "type": "Microsoft.Authorization/policySetDefinitions",
+ "apiVersion": "2021-06-01",
+ "scope": null,
+ "properties": {
+ "policyType": "Custom",
+ "displayName": "Enforce recommended guardrails for Automation Account",
+ "description": "This policy initiative is a group of policies that ensures Automation Account is compliant per regulated Landing Zones.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Automation",
+ "source": "https://github.com/Azure/Enterprise-Scale/",
+ "alzCloudEnvironments": [
+ "AzureChinaCloud"
+ ]
+ },
+ "parameters": {
+ "aaVariablesEncryption": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Disabled",
+ "Deny"
+ ]
+ },
+ "aaManagedIdentity": {
+ "type": "string",
+ "defaultValue": "Audit",
+ "allowedValues": [
+ "Audit",
+ "Disabled"
+ ]
+ },
+ "aaModifyPublicNetworkAccess": {
+ "type": "string",
+ "defaultValue": "Modify",
+ "allowedValues": [
+ "Modify",
+ "Disabled"
+ ]
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dea83a72-443c-4292-83d5-54a2f98749c0",
+ "policyDefinitionReferenceId": "Deny-Aa-Managed-Identity",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('aaManagedIdentity')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
+ "policyDefinitionReferenceId": "Deny-Aa-Variables-Encrypt",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('aaVariablesEncryption')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/23b36a7c-9d26-4288-a8fd-c1d2fa284d8c",
+ "policyDefinitionReferenceId": "Modify-Aa-Public-Network-Access",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('aaModifyPublicNetworkAccess')]"
+ }
+ }
+ }
+ ],
+ "policyDefinitionGroups": null
+ }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
index 3bcb0f4344..2bfd86c6ad 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json
@@ -13,7 +13,6 @@
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
 "AzureCloud",
- "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
new file mode 100644
index 0000000000..ee4a15624f
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json
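Review bot: In Enforce-Guardrails-Automation.AzureChinaCloud.json, `aaManagedIdentity` allows only `Audit` and `Disabled`, yet it drives the member whose reference id is `Deny-Aa-Managed-Identity`, so the id promises a block this initiative cannot apply; either rename the reference (for example `Audit-Aa-Managed-Identity`, a suggested name) or state in `description` that the control is audit-only. None of the three parameters has a `metadata` block, so an assigner sees bare names; the Key Vault China initiative added in this same commit uses `"metadata": { "displayName": "Effect", "description": "Enable or disable the execution of the policy" }`, and the same gap is in the ContainerApps, CosmosDb and KeyVault-Sup China files. The built-in definition GUIDs look like they were carried over from the global-cloud initiative, so it is worth confirming each one is published in AzureChinaCloud before assignment.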
@@ -0,0 +1,43 @@
+{
+ "name": "Enforce-Guardrails-ContainerApps-AzureChinaCloud",
+ "type": "Microsoft.Authorization/policySetDefinitions",
+ "apiVersion": "2021-06-01",
+ "scope": null,
+ "properties": {
+ "policyType": "Custom",
+ "displayName": "Enforce recommended guardrails for Container Apps",
+ "description": "This policy initiative is a group of policies that ensures Container Apps is compliant per regulated Landing Zones.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Container Apps",
+ "source": "https://github.com/Azure/Enterprise-Scale/",
+ "alzCloudEnvironments": [
+ "AzureChinaCloud"
+ ]
+ },
+ "parameters": {
+ "containerAppsManagedIdentity": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b874ab2d-72dd-47f1-8cb5-4a306478a4e7",
+ "policyDefinitionReferenceId": "Deny-ContainerApps-Managed-Identity",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('containerAppsManagedIdentity')]"
+ }
+ }
+ }
+ ],
+ "policyDefinitionGroups": null
+ }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
index 55ab33e46a..e8b63fa8cd 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json
@@ -13,7 +13,6 @@
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
 "AzureCloud",
- "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
new file mode 100644
index 0000000000..129b6a19c7
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json
@@ -0,0 +1,104 @@
+{
+ "name": "Enforce-Guardrails-CosmosDb-AzureChinaCloud",
+ "type": "Microsoft.Authorization/policySetDefinitions",
+ "apiVersion": "2021-06-01",
+ "scope": null,
+ "properties": {
+ "policyType": "Custom",
+ "displayName": "Enforce recommended guardrails for Cosmos DB",
+ "description": "This policy initiative is a group of policies that ensures Cosmos DB is compliant per regulated Landing Zones.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Cosmos DB",
+ "source": "https://github.com/Azure/Enterprise-Scale/",
+ "alzCloudEnvironments": [
+ "AzureChinaCloud"
+ ]
+ },
+ "parameters": {
+ "cosmosDbLocalAuth": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "cosmosDbFwRules": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "cosmosDbModifyLocalAuth": {
+ "type": "string",
+ "defaultValue": "Modify",
+ "allowedValues": [
+ "Modify",
+ "Disabled"
+ ]
+ },
+ "cosmosDbModifyPublicAccess": {
+ "type": "string",
+ "defaultValue": "Modify",
+ "allowedValues": [
+ "Modify",
+ "Disabled"
+ ]
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/dc2d41d1-4ab1-4666-a3e1-3d51c43e0049",
+ "policyDefinitionReferenceId": "Modify-CosmosDb-Local-Auth",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('cosmosDbModifyLocalAuth')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb",
+ "policyDefinitionReferenceId": "Deny-CosmosDb-Fw-Rules",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('cosmosDbFwRules')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5450f5bd-9c72-4390-a9c4-a7aba4edfdd2",
+ "policyDefinitionReferenceId": "Deny-CosmosDb-Local-Auth",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('cosmosDbLocalAuth')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4750c32b-89c0-46af-bfcb-2e4541a818d5",
+ "policyDefinitionReferenceId": "Append-CosmosDb-Metadata",
+ "groupNames": [],
+ "parameters": {}
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/da69ba51-aaf1-41e5-8651-607cd0b37088",
+ "policyDefinitionReferenceId": "Modify-CosmosDb-Public-Network-Access",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('cosmosDbModifyPublicAccess')]"
+ }
+ }
+ }
+ ],
+ "policyDefinitionGroups": null
+ }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
index 78b5883aab..d51825513e 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json
@@ -13,7 +13,6 @@
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
 "AzureCloud",
- "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
new file mode 100644
index 0000000000..2105d926eb
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json
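Review bot: In Enforce-Guardrails-CosmosDb.AzureChinaCloud.json, `Append-CosmosDb-Metadata` is the only member wired with `"parameters": {}`, so nothing in the initiative's parameter list lets an assigner switch it off or tune it the way the other four members can be. If the built-in definition exposes an effect parameter (not visible from this hunk), add a matching initiative parameter and pass it through as `"effect": { "value": "[[parameters('cosmosDbAppendMetadata')]" }` (parameter name is a suggestion). If it takes no parameters, a sentence in `description` saying this member is always on would save the next reader the lookup.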
@@ -0,0 +1,42 @@
+{
+ "name": "Enforce-Guardrails-KeyVault-Sup-AzureChinaCloud",
+ "type": "Microsoft.Authorization/policySetDefinitions",
+ "apiVersion": "2021-06-01",
+ "scope": null,
+ "properties": {
+ "policyType": "Custom",
+ "displayName": "Enforce additional recommended guardrails for Key Vault",
+ "description": "This policy initiative is a group of policies that ensures Key Vault is compliant per regulated Landing Zones.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/Enterprise-Scale/",
+ "alzCloudEnvironments": [
+ "AzureChinaCloud"
+ ]
+ },
+ "parameters": {
+ "keyVaultModifyFw": {
+ "type": "string",
+ "defaultValue": "Modify",
+ "allowedValues": [
+ "Modify",
+ "Disabled"
+ ]
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ac673a9a-f77d-4846-b2d8-a57f8e1c01dc",
+ "policyDefinitionReferenceId": "Modify-KV-Fw",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('keyVaultModifyFw')]"
+ }
+ }
+ }
+ ],
+ "policyDefinitionGroups": null
+ }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
index 3c68197a8e..67608838e1 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json
@@ -13,7 +13,6 @@
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
 "AzureCloud",
- "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
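Review bot: In Enforce-Guardrails-KeyVault-Sup.AzureChinaCloud.json, `keyVaultModifyFw` defaults to `Modify`, and the `description` ("ensures Key Vault is compliant per regulated Landing Zones") does not tell an assigner that this initiative changes resources rather than only evaluating them. A Modify effect needs the assignment to carry a managed identity with rights on the vaults, and, judging by the reference id `Modify-KV-Fw`, a remediation run would alter the network settings of existing vaults. I would say so in the description, for example `"description": "Modifies Key Vault firewall settings; the assignment requires a managed identity with permission to update vaults."` (wording is a suggestion). The same applies to the `Modify` defaults in the Automation and Cosmos DB China initiatives in this commit.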
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
new file mode 100644
index 0000000000..ebf8a69514
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json
@@ -0,0 +1,664 @@
+{
+ "name": "Enforce-Guardrails-KeyVault-AzureChinaCloud",
+ "type": "Microsoft.Authorization/policySetDefinitions",
+ "apiVersion": "2021-06-01",
+ "scope": null,
+ "properties": {
+ "policyType": "Custom",
+ "displayName": "Enforce recommended guardrails for Azure Key Vault",
+ "description": "Enforce recommended guardrails for Azure Key Vault.",
+ "metadata": {
+ "version": "2.0.0",
+ "category": "Key Vault",
+ "source": "https://github.com/Azure/Enterprise-Scale/",
+ "alzCloudEnvironments": [
+ "AzureChinaCloud"
+ ]
+ },
+ "parameters": {
+ "effectKvSoftDelete": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Deny"
+ },
+ "effectKvPurgeProtection": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Deny"
+ },
+ "effectKvSecretsExpire": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ },
+ "effectKvKeysExpire": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ },
+ "effectKvFirewallEnabled": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ },
+ "effectKvCertLifetime": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "audit",
+ "Audit",
+ "deny",
+ "Deny",
+ "disabled",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ },
+ "maximumCertLifePercentageLife": {
+ "type": "Integer",
+ "metadata": {
+ "displayName": "The maximum lifetime percentage",
+ "description": "Enter the percentage of lifetime of the certificate when you want to trigger the policy action. For example, to trigger a policy action at 80% of the certificate's valid life, enter '80'."
+ },
+ "defaultValue": 80
+ },
+ "minimumCertLifeDaysBeforeExpiry": {
+ "type": "Integer",
+ "metadata": {
+ "displayName": "The minimum days before expiry",
+ "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+ },
+ "defaultValue": 90
+ },
+ "effectKvKeysLifetime": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ },
+ "minimumKeysLifeDaysBeforeExpiry": {
+ "type": "Integer",
+ "metadata": {
+ "displayName": "The minimum days before expiry",
+ "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+ },
+ "defaultValue": 90
+ },
+ "effectKvSecretsLifetime": {
+ "type": "String",
+ "metadata": {
+ "displayName": "Effect",
+ "description": "Enable or disable the execution of the policy"
+ },
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ],
+ "defaultValue": "Audit"
+ },
+ "minimumSecretsLifeDaysBeforeExpiry": {
+ "type": "Integer",
+ "metadata": {
+ "displayName": "The minimum days before expiry",
+ "description": "Enter the days before expiration of the certificate when you want to trigger the policy action. For example, to trigger a policy action 90 days before the certificate's expiration, enter '90'."
+ },
+ "defaultValue": 90
+ },
+ "keyVaultCheckMinimumRSACertificateSize": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "audit",
+ "Audit",
+ "deny",
+ "Deny",
+ "disabled",
+ "Disabled"
+ ]
+ },
+ "keyVaultMinimumRSACertificateSizeValue": {
+ "type": "integer",
+ "defaultValue": 2048,
+ "allowedValues": [
+ 2048,
+ 3072,
+ 4096
+ ]
+ },
+ "keyVaultCheckMinimumRSAKeySize": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keyVaultMinimumRSAKeySizeValue": {
+ "type": "integer",
+ "defaultValue": 2048,
+ "allowedValues": [
+ 2048,
+ 3072,
+ 4096
+ ]
+ },
+ "keyVaultArmRbac": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keyVaultCertificatesPeriod": {
+ "type": "string",
+ "defaultValue": "Disabled",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keyVaultCertValidPeriod": {
+ "type": "integer",
+ "defaultValue": 12
+ },
+ "keysValidPeriod": {
+ "type": "string",
+ "defaultValue": "Disabled",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keysValidityInDays": {
+ "type": "integer",
+ "defaultValue": 90
+ },
+ "secretsValidPeriod": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "secretsValidityInDays": {
+ "type": "integer",
+ "defaultValue": 90
+ },
+ "keyVaultCertKeyTypes": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "audit",
+ "Audit",
+ "deny",
+ "Deny",
+ "disabled",
+ "Disabled"
+ ]
+ },
+ "keyVaultEllipticCurve": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "audit",
+ "Audit",
+ "deny",
+ "Deny",
+ "disabled",
+ "Disabled"
+ ]
+ },
+ "keyVaultCryptographicType": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keysActive": {
+ "type": "string",
+ "defaultValue": "Disabled",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keysActiveInDays": {
+ "type": "integer",
+ "defaultValue": 90
+ },
+ "keysCurveNames": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "secretsActiveInDays": {
+ "type": "integer",
+ "defaultValue": 90
+ },
+ "secretsActive": {
+ "type": "string",
+ "defaultValue": "Disabled",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keyVaultSecretContentType": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "Audit",
+ "Deny",
+ "Disabled"
+ ]
+ },
+ "keyVaultNonIntegratedCa": {
+ "type": "string",
+ "defaultValue": "Disabled",
+ "allowedValues": [
+ "audit",
+ "Audit",
+ "deny",
+ "Deny",
+ "disabled",
+ "Disabled"
+ ]
+ },
+ "keyVaultNonIntegratedCaValue": {
+ "type": "string",
+ "defaultValue": "",
+ "metadata": {
+ "displayName": "The common name of the certificate authority",
+ "description": "The common name (CN) of the Certificate Authority (CA) provider. For example, for an issuer CN = Contoso, OU = .., DC = .., you can specify Contoso"
+ }
+ },
+ "keyVaultIntegratedCa": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "audit",
+ "Audit",
+ "deny",
+ "Deny",
+ "disabled",
+ "Disabled"
+ ]
+ },
+ "keyVaultIntegratedCaValue": {
+ "type": "array",
+ "defaultValue": [
+ "DigiCert",
+ "GlobalSign"
+ ]
+ },
+ "keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays": {
+ "type": "string",
+ "defaultValue": "Deny",
+ "allowedValues": [
+ "audit",
+ "Audit",
+ "deny",
+ "Deny",
+ "disabled",
+ "Disabled"
+ ]
+ },
+ "keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue": {
+ "type": "integer",
+ "defaultValue": 90
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionReferenceId": "KvSoftDelete",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvSoftDelete')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "KvPurgeProtection",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0b60c0b2-2dc2-4e1c-b5c9-abbed971de53",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvPurgeProtection')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "KvSecretsExpire",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/98728c90-32c7-4049-8429-847dc0f4fe37",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvSecretsExpire')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "KvKeysExpire",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvKeysExpire')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "KvFirewallEnabled",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/55615ac9-af46-4a59-874e-391cc3dfb490",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvFirewallEnabled')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "KvCertLifetime",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12ef42cb-9903-4e39-9c26-422d29570417",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvCertLifetime')]"
+ },
+ "maximumPercentageLife": {
+ "value": "[[parameters('maximumCertLifePercentageLife')]"
+ },
+ "minimumDaysBeforeExpiry": {
+ "value": "[[parameters('minimumCertLifeDaysBeforeExpiry')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "KvKeysLifetime",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/5ff38825-c5d8-47c5-b70e-069a21955146",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvKeysLifetime')]"
+ },
+ "minimumDaysBeforeExpiration": {
+ "value": "[[parameters('minimumKeysLifeDaysBeforeExpiry')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionReferenceId": "KvSecretsLifetime",
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/b0eb591a-5e70-4534-a8bf-04b9c489584a",
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('effectKvSecretsLifetime')]"
+ },
+ "minimumDaysBeforeExpiration": {
+ "value": "[[parameters('minimumSecretsLifeDaysBeforeExpiry')]"
+ }
+ },
+ "groupNames": []
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/cee51871-e572-4576-855c-047c820360f0",
+ "policyDefinitionReferenceId": "Deny-KV-RSA-Keys-without-MinCertSize",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('keyVaultCheckMinimumRSACertificateSize')]"
+ },
+ "minimumRSAKeySize": {
+ "value": "[[parameters('keyVaultMinimumRSACertificateSizeValue')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/82067dbb-e53b-4e06-b631-546d197452d9",
+ "policyDefinitionReferenceId": "Deny-KV-RSA-Keys-without-MinKeySize",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('keyVaultCheckMinimumRSAKeySize')]"
+ },
+ "minimumRSAKeySize": {
+ "value": "[[parameters('keyVaultMinimumRSAKeySizeValue')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5",
+ "policyDefinitionReferenceId": "Deny-KV-without-ArmRbac",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('keyVaultArmRbac')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0a075868-4c26-42ef-914c-5bc007359560",
+ "policyDefinitionReferenceId": "Deny-KV-Cert-Period",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('keyVaultCertificatesPeriod')]"
+ },
+ "maximumValidityInMonths": {
+ "value": "[[parameters('keyVaultCertValidPeriod')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/49a22571-d204-4c91-a7b6-09b1a586fbc9",
+ "policyDefinitionReferenceId": "Deny-KV-Keys-Expire",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('keysValidPeriod')]"
+ },
+ "maximumValidityInDays": {
+ "value": "[[parameters('keysValidityInDays')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/342e8053-e12e-4c44-be01-c3c2f318400f",
+ "policyDefinitionReferenceId": "Deny-KV-Secrets-ValidityDays",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('secretsValidPeriod')]"
+ },
+ "maximumValidityInDays": {
+ "value": "[[parameters('secretsValidityInDays')]"
+ }
+ }
+ },
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/1151cede-290b-4ba0-8b38-0ad145ac888f",
+ "policyDefinitionReferenceId": "Deny-KV-Key-Types",
+
"groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keyVaultCertKeyTypes')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bd78111f-4953-4367-9fd5-7e08808b54bf", + "policyDefinitionReferenceId": "Deny-KV-Elliptic-Curve", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keyVaultEllipticCurve')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75c4f823-d65c-4f29-a733-01d0077fdbcb", + "policyDefinitionReferenceId": "Deny-KV-Cryptographic-Type", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keyVaultCryptographicType')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/c26e4b24-cf98-4c67-b48b-5a25c4c69eb9", + "policyDefinitionReferenceId": "Deny-KV-Key-Active", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keysActive')]" + }, + "maximumValidityInDays": { + "value": "[[parameters('keysActiveInDays')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/ff25f3c8-b739-4538-9d07-3d6d25cfb255", + "policyDefinitionReferenceId": "Deny-KV-Curve-Names", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keysCurveNames')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/e8d99835-8a06-45ae-a8e0-87a91941ccfe", + "policyDefinitionReferenceId": "Deny-KV-Secret-ActiveDays", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('secretsActive')]" + }, + "maximumValidityInDays": { + "value": "[[parameters('secretsActiveInDays')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/75262d3e-ba4a-4f43-85f8-9f72c090e5e3", + "policyDefinitionReferenceId": "Deny-Kv-Secret-Content-Type", + "groupNames": [], + "parameters": { + "effect": { + "value": 
"[[parameters('keyVaultSecretContentType')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a22f4a40-01d3-4c7d-8071-da157eeff341", + "policyDefinitionReferenceId": "Deny-Kv-Non-Integrated-Ca", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keyVaultNonIntegratedCa')]" + }, + "caCommonName": { + "value": "[[parameters('keyVaultNonIntegratedCaValue')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8e826246-c976-48f6-b03e-619bb92b3d82", + "policyDefinitionReferenceId": "Deny-Kv-Integrated-Ca", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keyVaultIntegratedCa')]" + }, + "allowedCAs": { + "value": "[[parameters('keyVaultIntegratedCaValue')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/f772fb64-8e40-40ad-87bc-7706e1949427", + "policyDefinitionReferenceId": "Deny-Kv-Cert-Expiration-Within-Specific-Number-Days", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDays')]" + }, + "daysToExpire": { + "value": "[[parameters('keyVaultCertificateNotExpireWithinSpecifiedNumberOfDaysValue')]" + } + } + } + ], + "policyDefinitionGroups": null + } +} \ No newline at end of file diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json index 04f79c6d6c..66e7d0a24a 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json @@ -13,7 +13,6 @@ "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ "AzureCloud", - "AzureChinaCloud", "AzureUSGovernment" ] }, 
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
new file mode 100644
index 0000000000..31b0554dad
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json
@@ -0,0 +1,42 @@
+{
+ "name": "Enforce-Guardrails-MySQL-AzureChinaCloud",
+ "type": "Microsoft.Authorization/policySetDefinitions",
+ "apiVersion": "2021-06-01",
+ "scope": null,
+ "properties": {
+ "policyType": "Custom",
+ "displayName": "Enforce recommended guardrails for MySQL",
+ "description": "This policy initiative is a group of policies that ensures MySQL is compliant per regulated Landing Zones.",
+ "metadata": {
+ "version": "1.0.0",
+ "category": "MySQL",
+ "source": "https://github.com/Azure/Enterprise-Scale/",
+ "alzCloudEnvironments": [
+ "AzureChinaCloud"
+ ]
+ },
+ "parameters": {
+ "mySqlAdvThreatProtection": {
+ "type": "string",
+ "defaultValue": "DeployIfNotExists",
+ "allowedValues": [
+ "DeployIfNotExists",
+ "Disabled"
+ ]
+ }
+ },
+ "policyDefinitions": [
+ {
+ "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/80ed5239-4122-41ed-b54a-6f1fa7552816",
+ "policyDefinitionReferenceId": "Dine-MySql-Adv-Threat-Protection",
+ "groupNames": [],
+ "parameters": {
+ "effect": {
+ "value": "[[parameters('mySqlAdvThreatProtection')]"
+ }
+ }
+ }
+ ],
+ "policyDefinitionGroups": null
+ }
+}
\ No newline at end of file
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
index ce2b30161f..ef5db71614 100644
--- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json
@@ -13,7 +13,6 @@
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
 "AzureCloud",
- "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
new file mode 100644
index 0000000000..6d2d86d4ca
--- /dev/null
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json
@@ -0,0 +1,364 @@ +{ + "name": "Enforce-Guardrails-Network-AzureChinaCloud", + "type": "Microsoft.Authorization/policySetDefinitions", + "apiVersion": "2021-06-01", + "scope": null, + "properties": { + "policyType": "Custom", + "displayName": "Enforce recommended guardrails for Network and Networking services", + "description": "This policy initiative is a group of policies that ensures Network and Networking services are compliant per regulated Landing Zones.", + "metadata": { + "version": "1.0.0", + "category": "Network", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureChinaCloud" + ] + }, + "parameters": { + "subnetUdr": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "subnetNsg": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "subnetServiceEndpoint": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "appGwWaf": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "vnetModifyDdos": { + "type": "string", + "defaultValue": "Modify" + }, + "ddosPlanResourceId": { + "type": "string", + "defaultValue": "" + }, + "wafModeAppGw": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "wafModeAppGwRequirement": { + "type": "string", + "defaultValue": "Prevention" + }, + "denyMgmtFromInternet": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "denyMgmtFromInternetPorts": { + "type": "Array", + "metadata": { + "displayName": "Ports", + "description": "Ports to be blocked" + }, + "defaultValue": [ + "22", + "3389" + ] + }, + "vpnAzureAD": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + 
"appGwTlsVersion": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "modifyUdr": { + "type": "string", + "defaultValue": "Disabled" + }, + "modifyUdrNextHopIpAddress": { + "type": "string", + "defaultValue": "" + }, + "modifyUdrNextHopType": { + "type": "string", + "defaultValue": "None" + }, + "modifyUdrAddressPrefix": { + "type": "string", + "defaultValue": "0.0.0.0/0" + }, + "modifyNsg": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Modify", + "Disabled" + ] + }, + "modifyNsgRuleName": { + "type": "string", + "defaultValue": "DenyAnyInternetOutbound" + }, + "modifyNsgRulePriority": { + "type": "integer", + "defaultValue": 1000 + }, + "modifyNsgRuleDirection": { + "type": "string", + "defaultValue": "Outbound" + }, + "modifyNsgRuleAccess": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "modifyNsgRuleProtocol": { + "type": "string", + "defaultValue": "*" + }, + "modifyNsgRuleSourceAddressPrefix": { + "type": "string", + "defaultValue": "*" + }, + "modifyNsgRuleSourcePortRange": { + "type": "string", + "defaultValue": "*" + }, + "modifyNsgRuleDestinationAddressPrefix": { + "type": "string", + "defaultValue": "Internet" + }, + "modifyNsgRuleDestinationPortRange": { + "type": "string", + "defaultValue": "*" + }, + "modifyNsgRuleDescription": { + "type": "string", + "defaultValue": "Deny any outbound traffic to the Internet" + } + }, + "policyDefinitions": [ + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/35f9c03a-cc27-418e-9c0c-539ff999d010", + "policyDefinitionReferenceId": "Deny-Nsg-GW-subnet", + "groupNames": [], + "parameters": {} + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/21a6bc25-125e-4d13-b82d-2e19b7208ab7", + "policyDefinitionReferenceId": "Deny-VPN-AzureAD", + "groupNames": [], + "parameters": { + "effect": { + "value": 
"[[parameters('vpnAzureAD')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/12430be1-6cc8-4527-a9a8-e3d38f250096", + "policyDefinitionReferenceId": "Deny-Waf-AppGw-mode", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('wafModeAppGw')]" + }, + "modeRequirement": { + "value": "[[parameters('wafModeAppGwRequirement')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d", + "policyDefinitionReferenceId": "Modify-vNet-DDoS", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('vnetModifyDdos')]" + }, + "ddosPlan": { + "value": "[[parameters('ddosPlanResourceId')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/88c0b9da-ce96-4b03-9635-f29a937e2900", + "policyDefinitionReferenceId": "Deny-Ip-Forwarding", + "groupNames": [], + "parameters": {} + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/83a86a26-fd1f-447c-b59d-e51f44264114", + "policyDefinitionReferenceId": "Deny-vNic-Pip", + "groupNames": [], + "parameters": {} + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/564feb30-bf6a-4854-b4bb-0d2d2d1e6c66", + "policyDefinitionReferenceId": "Deny-AppGw-Without-Waf", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('appGwWaf')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Udr", + "policyDefinitionReferenceId": "Deny-Subnet-Without-Udr", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('subnetUdr')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Subnet-Without-Nsg", + 
"policyDefinitionReferenceId": "Deny-Subnet-Without-NSG", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('subnetNsg')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Service-Endpoints", + "policyDefinitionReferenceId": "Deny-Subnet-with-Service-Endpoints", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('subnetServiceEndpoint')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-MgmtPorts-From-Internet", + "policyDefinitionReferenceId": "Deny-Mgmt-From-Internet", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('denyMgmtFromInternet')]" + }, + "ports": { + "value": "[[parameters('denyMgmtFromInternetPorts')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-AppGw-Without-Tls", + "policyDefinitionReferenceId": "Deny-AppGw-Without-Tls", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('appGwTlsVersion')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-UDR", + "policyDefinitionReferenceId": "Modify-Udr", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('modifyUdr')]" + }, + "nextHopIpAddress": { + "value": "[[parameters('modifyUdrNextHopIpAddress')]" + }, + "nextHopType": { + "value": "[[parameters('modifyUdrNextHopType')]" + }, + "addressPrefix": { + "value": "[[parameters('modifyUdrAddressPrefix')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Modify-NSG", + "policyDefinitionReferenceId": 
"Modify-Nsg", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('modifyNsg')]" + }, + "nsgRuleName": { + "value": "[[parameters('modifyNsgRuleName')]" + }, + "nsgRulePriority": { + "value": "[[parameters('modifyNsgRulePriority')]" + }, + "nsgRuleDirection": { + "value": "[[parameters('modifyNsgRuleDirection')]" + }, + "nsgRuleAccess": { + "value": "[[parameters('modifyNsgRuleAccess')]" + }, + "nsgRuleProtocol": { + "value": "[[parameters('modifyNsgRuleProtocol')]" + }, + "nsgRuleSourceAddressPrefix": { + "value": "[[parameters('modifyNsgRuleSourceAddressPrefix')]" + }, + "nsgRuleSourcePortRange": { + "value": "[[parameters('modifyNsgRuleSourcePortRange')]" + }, + "nsgRuleDestinationAddressPrefix": { + "value": "[[parameters('modifyNsgRuleDestinationAddressPrefix')]" + }, + "nsgRuleDestinationPortRange": { + "value": "[[parameters('modifyNsgRuleDestinationPortRange')]" + }, + "nsgRuleDescription": { + "value": "[[parameters('modifyNsgRuleDescription')]" + } + } + } + ], + "policyDefinitionGroups": null + } +} diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json index bec7c6d07e..861bcd1f4f 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json @@ -13,7 +13,6 @@ "source": "https://github.com/Azure/Enterprise-Scale/", "alzCloudEnvironments": [ "AzureCloud", - "AzureChinaCloud", "AzureUSGovernment" ] }, diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json new file mode 100644 index 0000000000..7248cb847e --- /dev/null 
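Review bot: `modifyNsgRuleAccess` in Enforce-Guardrails-Network.AzureChinaCloud.json declares `"allowedValues": [ "Audit", "Deny", "Disabled" ]`, but the value is passed to `nsgRuleAccess` of `Modify-Nsg`, so it is the access field of the NSG rule being written rather than a policy effect. Two of the three offered values are effect names, and `Allow` cannot be selected; if someone picks `Audit` or `Disabled`, the assignment presumably either fails validation in the referenced definition or the remediation writes a rule that does not deny anything. I would change the list to `"allowedValues": [ "Allow", "Deny" ]` and keep `"defaultValue": "Deny"`. In the same parameter block, `vnetModifyDdos` and `modifyUdr` carry an effect with no `allowedValues` at all, unlike `modifyNsg`, so constraining them to `[ "Modify", "Disabled" ]` (plus `Audit` for the DDoS policy if the built-in accepts it) would keep the three Modify parameters consistent.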
+++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json 
@@ -0,0 +1,443 @@ +{ + "name": "Enforce-Guardrails-Storage-AzureChinaCloud", + "type": "Microsoft.Authorization/policySetDefinitions", + "apiVersion": "2021-06-01", + "scope": null, + "properties": { + "policyType": "Custom", + "displayName": "Enforce recommended guardrails for Storage Account", + "description": "This policy initiative is a group of policies that ensures Storage is compliant per regulated Landing Zones.", + "metadata": { + "version": "1.0.0", + "category": "Storage", + "source": "https://github.com/Azure/Enterprise-Scale/", + "alzCloudEnvironments": [ + "AzureChinaCloud" + ] + }, + "parameters": { + "storageKeysExpiration": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountNetworkRules": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountRestrictNetworkRules": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageClassicToArm": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountsInfraEncryption": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountSharedKey": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountsCrossTenant": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountsDoubleEncryption": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountsCopyScope": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAccountsAllowedCopyScope": { + "type": "string", + "defaultValue": 
"AAD" + }, + "storageServicesEncryption": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageLocalUser": { + "type": "string", + "defaultValue": "Disabled", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageSftp": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageNetworkAclsBypass": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageAllowedNetworkAclsBypass": { + "type": "array", + "defaultValue": [ + "None" + ] + }, + "storageResourceAccessRulesTenantId": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageResourceAccessRulesResourceId": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageNetworkAclsVirtualNetworkRules": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageContainerDeleteRetentionPolicy": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "storageMinContainerDeleteRetentionInDays": { + "type": "Integer", + "defaultValue": 7 + }, + "storageCorsRules": { + "type": "string", + "defaultValue": "Deny", + "allowedValues": [ + "Audit", + "Deny", + "Disabled" + ] + }, + "modifyStorageFileSyncPublicEndpoint": { + "type": "string", + "defaultValue": "Modify", + "allowedValues": [ + "Modify", + "Disabled" + ] + }, + "modifyStorageAccountPublicEndpoint": { + "type": "string", + "defaultValue": "Modify", + "allowedValues": [ + "Modify", + "Disabled" + ] + }, + "storageAccountsModifyDisablePublicNetworkAccess": { + "type": "string", + "defaultValue": "Modify", + "allowedValues": [ + "Modify", + "Disabled" + ] + } + }, + "policyDefinitions": [ + { + 
"policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CopyScope", + "policyDefinitionReferenceId": "Deny-Storage-CopyScope", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountsCopyScope')]" + }, + "allowedCopyScope": { + "value": "[[parameters('storageAccountsAllowedCopyScope')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ServicesEncryption", + "policyDefinitionReferenceId": "Deny-Storage-ServicesEncryption", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageServicesEncryption')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-LocalUser", + "policyDefinitionReferenceId": "Deny-Storage-LocalUser", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageLocalUser')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-SFTP", + "policyDefinitionReferenceId": "Deny-Storage-SFTP", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageSftp')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsBypass", + "policyDefinitionReferenceId": "Deny-Storage-NetworkAclsBypass", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageNetworkAclsBypass')]" + }, + "allowedBypassOptions": { + "value": "[[parameters('storageAllowedNetworkAclsBypass')]" + } + } + }, + { + "policyDefinitionId": 
"/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesTenantId", + "policyDefinitionReferenceId": "Deny-Storage-ResourceAccessRulesTenantId", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageResourceAccessRulesTenantId')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ResourceAccessRulesResourceId", + "policyDefinitionReferenceId": "Deny-Storage-ResourceAccessRulesResourceId", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageResourceAccessRulesResourceId')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-NetworkAclsVirtualNetworkRules", + "policyDefinitionReferenceId": "Deny-Storage-NetworkAclsVirtualNetworkRules", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageNetworkAclsVirtualNetworkRules')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-ContainerDeleteRetentionPolicy", + "policyDefinitionReferenceId": "Deny-Storage-ContainerDeleteRetentionPolicy", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageContainerDeleteRetentionPolicy')]" + }, + "minContainerDeleteRetentionInDays": { + "value": "[[parameters('storageMinContainerDeleteRetentionInDays')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Management/managementGroups/contoso/providers/Microsoft.Authorization/policyDefinitions/Deny-Storage-CorsRules", + "policyDefinitionReferenceId": "Deny-Storage-CorsRules", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageCorsRules')]" + } + } + }, 
+ { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/bfecdea6-31c4-4045-ad42-71b9dc87247d", + "policyDefinitionReferenceId": "Deny-Storage-Account-Encryption", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountsDoubleEncryption')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/92a89a79-6c52-4a7e-a03f-61306fc49312", + "policyDefinitionReferenceId": "Deny-Storage-Cross-Tenant", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountsCrossTenant')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54", + "policyDefinitionReferenceId": "Deny-Storage-Shared-Key", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountSharedKey')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/4733ea7b-a883-42fe-8cac-97454c2a9e4a", + "policyDefinitionReferenceId": "Deny-Storage-Infra-Encryption", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountsInfraEncryption')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/37e0d2fe-28a5-43d6-a273-67d37d1f5606", + "policyDefinitionReferenceId": "Deny-Storage-Classic", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageClassicToArm')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/34c877ad-507e-4c82-993e-3452a6e0ad3c", + "policyDefinitionReferenceId": "Deny-Storage-Restrict-NetworkRules", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountRestrictNetworkRules')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/2a1a9cdf-e04d-429a-8416-3bfb72a1b26f", + 
"policyDefinitionReferenceId": "Deny-Storage-NetworkRules", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountNetworkRules')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/044985bb-afe1-42cd-8a36-9d5d42424537", + "policyDefinitionReferenceId": "Deny-Storage-Account-Keys-Expire", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageKeysExpiration')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/0e07b2e9-6cd9-4c40-9ccb-52817b95133b", + "policyDefinitionReferenceId": "Modify-Storage-FileSync-PublicEndpoint", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('modifyStorageFileSyncPublicEndpoint')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/13502221-8df0-4414-9937-de9c5c4e396b", + "policyDefinitionReferenceId": "Modify-Blob-Storage-Account-PublicEndpoint", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('modifyStorageAccountPublicEndpoint')]" + } + } + }, + { + "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/a06d0189-92e8-4dba-b0c4-08d7669fce7d", + "policyDefinitionReferenceId": "Modify-Storage-Account-PublicEndpoint", + "groupNames": [], + "parameters": { + "effect": { + "value": "[[parameters('storageAccountsModifyDisablePublicNetworkAccess')]" + } + } + } + ], + "policyDefinitionGroups": null + } +} diff --git a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json index c5abdeee28..340f120813 100644 --- a/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json +++ b/src/resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json 
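Review bot: `storageLocalUser` in Enforce-Guardrails-Storage.AzureChinaCloud.json is the only Audit/Deny parameter in this set that defaults to `Disabled`; every other one, including the closely related `storageSftp`, defaults to `Deny`. An assignment that takes the defaults therefore never evaluates `Deny-Storage-LocalUser`, and nothing in the file says whether that is deliberate. If it is, record the reason on the parameter with a `"metadata": { "description": "..." }` entry; if not, use `"defaultValue": "Audit"` at minimum so local-user accounts show up in compliance results. None of the parameters in this file has `metadata`, so a short `displayName`/`description` on at least `storageAccountsAllowedCopyScope` and `storageAllowedNetworkAclsBypass` (the two value parameters without `allowedValues`) would help whoever assigns the initiative.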
@@ -13,7 +13,6 @@
 "source": "https://github.com/Azure/Enterprise-Scale/",
 "alzCloudEnvironments": [
 "AzureCloud",
- "AzureChinaCloud",
 "AzureUSGovernment"
 ]
 },
diff --git a/src/templates/initiatives.bicep b/src/templates/initiatives.bicep
index a1a7e7c233..6f42a55801 100644
--- a/src/templates/initiatives.bicep
+++ b/src/templates/initiatives.bicep
@@ -17,7 +17,7 @@ var cloudEnv = environment().name
 // Default deployment locations used in templates
 var defaultDeploymentLocationByCloudType = {
 AzureCloud: 'northeurope'
- AzureChinaCloud: 'chinaeast2'
+ AzureChinaCloud: 'chinanorth3' //change to chinanorth3 as it's the most frequent scenario
 AzureUSGovernment: 'usgovvirginia'
 }
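Review bot: The trailing comment on the new `AzureChinaCloud: 'chinanorth3'` entry in the `@@ -17,7 +17,7 @@` hunk records the edit ("change to chinanorth3") rather than the reason a later reader needs; something like `AzureChinaCloud: 'chinanorth3' // most commonly used region for AzureChinaCloud deployments` holds up once the history is out of sight. A policies.bicep context line in this same diff mentions a hard-coded template deployment location handled by that template, so if policies.bicep keeps its own copy of this map it presumably needs the same value; that map is not visible in this diff.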
@@ -37,40 +37,30 @@ var loadPolicySetDefinitions = {
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Audit-TrustedLaunch.json')
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security.json')
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Sql-Security_20240529.json')
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json')
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json')
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json')
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Sandbox.json')
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/DenyAction-DeleteProtection.json')
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-AUM-CheckUpdates.json')
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json')
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-APIM.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-AppServices.json') // FSI specific initiative
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CognitiveServices.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Compute.json') // FSI specific initiative
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerInstance.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerRegistry.json') // FSI specific initiative
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-DataExplorer.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-DataFactory.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-EventGrid.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-EventHub.json') // FSI specific initiative
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Kubernetes.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MachineLearning.json') // FSI specific initiative
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-OpenAI.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-PostgreSQL.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ServiceBus.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-SQL.json') // FSI specific initiative
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Synapse.json') // FSI specific initiative
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-VirtualDesktop.json') // FSI specific initiative
 ]
 AzureCloud: [
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.json') // See AzureChinaCloud and AzureUSGovernment comments below for reasoning
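Review bot: `Enforce-ALZ-Decomm.json` leaves the `All` list here and comes back only under `AzureCloud` (plus an `.AzureChinaCloud.json` variant in the `@@ -80,13 +70,34 @@` hunk), while the ten entries appended to `AzureUSGovernment` in the `@@ -94,6 +105,16 @@` hunk do not include it. Unless that is handled outside the visible hunks, AzureUSGovernment deployments stop loading this initiative, although the comment only says it "needs validating" there and reports a failure for AzureChinaCloud alone. policies.bicep makes the matching move for `Deploy-Vm-autoShutdown.json` (`All` to `AzureCloud`), so the two would have to be kept together: add `loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.json')` to the `AzureUSGovernment` list and keep the policy definition loaded for that cloud, or state the removal in the change description. `loadPolicySetDefinitions` starts above this hunk and continues below it.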
@@ -80,13 +70,34 @@ var loadPolicySetDefinitions = {
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ACSB.json') // Unable to validate if Guest Configuration is working in other clouds
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-DefenderSQL-AMA.json')
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+
 ]
 AzureChinaCloud: [
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // Due to missing built-in Policy Definitions ()
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') // Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (5e8168db-69e3-4beb-9822-57cb59202a9d, 955a914f-bf86-4f0e-acd5-e0766b0efcb6, etc)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Diagnostics-LogAnalytics.AzureChinaCloud.json') //Due to missing "Deploy-Diagnostics-AVDScalingPlans" custom Policy Definition
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 74c30959-af11-47b3-9ed2-a26e03f427a3, 1f725891-01c0-420a-9059-4fa46cb770b7, 2370a3c1-4a25-4283-a91a-c9c1a145fb2f, b7021b2b-08fd-4dc0-9de7-3c6ece09faf9, b99b73e7-074b-4089-9395-b7236f094491)
- loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // Due to missing built-in Policy Definitions ()
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (051cba44-2429-45b9-9649-46cec11c7119), and replacement custom Policy Definitions ("Deploy-MySQLCMKEffect", "Deploy-PostgreSQLCMKEffect")
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (361c2074-3595-4e5d-8cab-4f21dffc835c)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (0e80e269-43a4-4ae9-b5bc-178126b8a5cb)
+ //loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (8b346db6-85af-419b-8557-92cee2c0f9bb, b874ab2d-72dd-47f1-8cb5-4a306478a4e7)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Backup.AzureChinaCloud.json') // Unable to validate if all Azure Site Recovery features are working in other clouds
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (86810a98-8e91-4a44-8386-ec66d0de5d57)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (6d02d2f7-e38b-4bdc-96f3-adc0a8726abc)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (3a58212a-c829-4f13-9872-6371df2fd0b4)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (055aa869-bc98-4af8-bafc-23f1ab6ffe2c)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.AzureChinaCloud.json') // Due to missing built-in Policy Definitions (b5f04e03-92a3-4b09-9410-2cc5e5047656)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-ALZ-Decomm.AzureChinaCloud.json') // Due to missing service DevTestLab which will be used by policy "Deploy-Vm-autoShutdown"
 ]
 AzureUSGovernment: [
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deny-PublicPaaSEndpoints.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (5e1de0e3-42cb-4ebc-a86d-61d0c619ca48, c9299215-ae47-4f50-9c54-8a392f68a052)
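Review bot: The `AzureChinaCloud` list gains a commented-out `Enforce-Guardrails-ContainerApps.AzureChinaCloud.json` entry, and `Enforce-Guardrails-KeyVault-Sup.json` and `Enforce-EncryptTransit.json` get no China variant at all, so once they are removed from `All` these three initiatives are no longer loaded for AzureChinaCloud and nothing in the file says so. Replace the dead line with a tracked comment such as `// TODO: Enforce-Guardrails-ContainerApps is not loaded in AzureChinaCloud until built-ins 8b346db6-85af-419b-8557-92cee2c0f9bb and b874ab2d-72dd-47f1-8cb5-4a306478a4e7 are available`, and add a one-line comment of the same kind for the other two. The comment on the new `Enforce-Backup.AzureChinaCloud.json` entry is copied from the AzureCloud `Enforce-Backup.json` line and does not say what the China variant changes. The enclosing variable starts and ends outside this hunk.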
@@ -94,6 +105,16 @@ var loadPolicySetDefinitions = {
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-MDFC-Config.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (44433aa3-7ec2-4002-93ea-65c65ff0310a, 50ea7265-7d8c-429e-9a7d-ca1f410191c3, b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d, 1f725891-01c0-420a-9059-4fa46cb770b7)
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Deploy-Private-DNS-Zones.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (0b026355-49cb-467b-8ac4-f777874e175a)
 loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Encryption-CMK.AzureUSGovernment.json') // Due to missing built-in Policy Definitions (83cef61d-dbd1-4b20-a4fc-5fbc7da10833, 18adea5e-f416-4d0f-8aa8-d24321e3e274, 051cba44-2429-45b9-9649-46cec11c7119)
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Storage.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault-Sup.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-EncryptTransit_20240509.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-ContainerApps.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-KeyVault.json') // Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Automation.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-MySQL.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-Network.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
+ loadTextContent('../resources/Microsoft.Authorization/policySetDefinitions/Enforce-Guardrails-CosmosDb.json') // FSI specific initiative. Not working in AzureChinaCloud, needs validating in AzureUSGovernment
 ]
 }
diff --git a/src/templates/policies.bicep b/src/templates/policies.bicep
index 0ec8d09707..aae5465cf3 100644
--- a/src/templates/policies.bicep
+++ b/src/templates/policies.bicep
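Review bot: The ten entries added to the `AzureUSGovernment` list carry the comment written for the `AzureCloud` list ("Not working in AzureChinaCloud, needs validating in AzureUSGovernment"), which in this list reads as "not yet validated for this cloud, loaded anyway" without saying why. They were loaded here before through `All`, so the comment should say that, e.g. `// FSI specific initiative. Previously in All; kept for AzureUSGovernment pending validation`. The same ten paths now sit in two lists, so a later edit to one list can easily miss the other; a short comment above each block pointing at its twin would help. The list starts above this hunk.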
@@ -146,7 +146,6 @@ var loadPolicyDefinitions = {
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-SqlMi-minTLS.json')
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Storage-sslEnforcement.json')
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-VNET-HubSpoke.json') // Only difference is hard-coded template deployment location (handled by this template)
- loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json')
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Windows-DomainJoin.json')
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-VWanS2SVPNGW.json')
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Audit-PrivateLinkDnsZones.json')
@@ -201,6 +200,7 @@ var loadPolicyDefinitions = {
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-MachineLearning-PublicNetworkAccess.json') // Needs validating in AzureChinaCloud and AzureUSGovernment
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Budget.json') // Needs validating in AzureChinaCloud (already used in AzureUSGovernment)
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Diagnostics-AVDScalingPlans.json') // No obvious reason for exclusion from AzureChinaCloud and AzureUSGovernment, impacts "Deploy-Diagnostics-LogAnalytics" Policy Set Definition
+ loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deploy-Vm-autoShutdown.json') // Not working in AzureChinaCloud since servie DevTestLab doesn't exist in Mooncake, needs validating in AzureUSGovernment
 ]
 AzureChinaCloud: [
 loadTextContent('../resources/Microsoft.Authorization/policyDefinitions/Deny-AFSPaasPublicIP.AzureChinaCloud.json') // Used by "Deny-PublicPaaSEndpoints" Policy Set Definition to replace missing built-in Policy Definition in AzureChinaCloud
diff --git a/src/templates/roles.bicep b/src/templates/roles.bicep
index 43949f4699..a49f2d717e 100644
--- a/src/templates/roles.bicep
+++ b/src/templates/roles.bicep
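Review bot: The comment on the added `Deploy-Vm-autoShutdown.json` line has a typo ("servie") and uses the name "Mooncake" where every other comment in these lists says AzureChinaCloud; suggest `// Not working in AzureChinaCloud because the DevTestLab service is not available there, needs validating in AzureUSGovernment`. The entry is added under `AzureCloud` only, so unless the `AzureUSGovernment` list (not visible in this hunk) also carries it, that cloud stops loading a definition it had through `All`. The list this hunk edits starts above the hunk.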
@@ -7,11 +7,12 @@ var cloudEnv = environment().name
 var loadRoleDefinitions = {
 All: [
 loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Application-Owners.json')
- loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json')
- loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json')
 loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Subscription-Owner.json')
 ]
- AzureCloud: []
+ AzureCloud: [
+ loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Security-Operations.json') // Not working in AzureChinaCloud, needs validating on AzureUSGovernment
+ loadJsonContent('../resources/Microsoft.Authorization/roleDefinitions/Network-Management.json') // Not working in AzureChinaCloud, needs validating on AzureUSGovernment
+ ]
 AzureChinaCloud: []
 AzureUSGovernment: []
 }
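Review bot: `Security-Operations.json` and `Network-Management.json` move from `All` to `AzureCloud` only while `AzureUSGovernment: []` stays empty, so AzureUSGovernment deployments lose both custom role definitions even though the comment reports a failure for AzureChinaCloud alone. Anything that assigns these roles in that cloud would presumably have nothing to reference after this change (to be confirmed against how the template consumes this map). Keep them where nothing is known to fail by turning `AzureUSGovernment: []` into a list holding the same two `loadJsonContent(...)` lines, or state in the change description that the removal is intended. The comments also say "validating on AzureUSGovernment" where the other templates in this diff say "in".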