
Missing assignment for the Deny-Subnet-Without-Penp policy

Open MikaelJcSoderberg opened this issue 1 year ago • 0 comments

This policy is missing in the "default" list of policies: Deny-Subnet-Without-Penp

Without this setting being right, private endpoints in a subnet aren't filtered by the Network Security Group.

When I talk about sources, I'm using these to discover new policies and also to see which ones are changed/removed and to what scope to assign them:

https://github.com/Azure/Enterprise-Scale/wiki/ALZ-Policies
https://github.com/Azure/Enterprise-Scale/blob/main/docs/wiki/media/ALZ%20Policy%20Assignments%20v2.xlsx

I'm also using this from ALZ-Bicep: https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/policy/assignments/alzDefaults/alzDefaultPolicyAssignments.bicep

Which one is right?

  1. I'm using the wrong sources for what policies should be included in an Enterprise-Scale implementation?
  2. A Network Security Group in a Corp landing zone doesn't need to filter traffic to Private Endpoints, and that is the reason the policy isn't included?
  3. It was missed and should be added to the default list of policies. I don't know if the correct scope would be Corp or landingzones.

I think it's number three and that is the reason for posting this issue.

MikaelJcSoderberg, Oct 21 '24 13:10
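The subnet setting the issue refers to, shown as an added Bicep example that is not part of the issue, the Enterprise-Scale repository or ALZ-Bicep. It assumes "Penp" in the policy name stands for the subnet property privateEndpointNetworkPolicies, which is what the policy name suggests but which the issue does not spell out; the virtual network, subnet and NSG names, address ranges and the NSG rule are hypothetical. The first subnet is the weak configuration (policies disabled, so the attached NSG is not applied to private endpoint NICs in it), the second is the corrected one that the policy would accept.

```bicep
// Added example, not code from the issue or the ALZ repositories.
// Assumption: the Deny-Subnet-Without-Penp policy is about the subnet
// property privateEndpointNetworkPolicies. Names and ranges are hypothetical.
param location string = resourceGroup().location

// An NSG that is meant to restrict what can reach private endpoints.
resource peNsg 'Microsoft.Network/networkSecurityGroups@2023-09-01' = {
  name: 'nsg-pe-example'
  location: location
  properties: {
    securityRules: [
      {
        // Hypothetical rule: only the app subnet may reach the endpoints on 443.
        name: 'Allow-AppSubnet-443'
        properties: {
          priority: 100
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp'
          sourceAddressPrefix: '10.10.0.0/24'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '443'
        }
      }
      {
        // Everything else from inside the VNet is denied.
        name: 'Deny-VNet-Inbound'
        properties: {
          priority: 200
          direction: 'Inbound'
          access: 'Deny'
          protocol: '*'
          sourceAddressPrefix: 'VirtualNetwork'
          sourcePortRange: '*'
          destinationAddressPrefix: '*'
          destinationPortRange: '*'
        }
      }
    ]
  }
}

resource vnet 'Microsoft.Network/virtualNetworks@2023-09-01' = {
  name: 'vnet-example'
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        '10.10.0.0/16'
      ]
    }
    subnets: [
      {
        // Weak setting: with privateEndpointNetworkPolicies 'Disabled', the NSG
        // attached below is not enforced for private endpoints placed here,
        // so the rules above never filter traffic to those endpoints.
        name: 'snet-pe-unfiltered'
        properties: {
          addressPrefix: '10.10.1.0/24'
          privateEndpointNetworkPolicies: 'Disabled'
          networkSecurityGroup: {
            id: peNsg.id
          }
        }
      }
      {
        // Corrected setting: 'Enabled' makes the attached NSG apply to private
        // endpoints in the subnet, which is the state the policy name implies
        // Deny-Subnet-Without-Penp requires.
        name: 'snet-pe-filtered'
        properties: {
          addressPrefix: '10.10.2.0/24'
          privateEndpointNetworkPolicies: 'Enabled'
          networkSecurityGroup: {
            id: peNsg.id
          }
        }
      }
    ]
  }
}
```

The point of the pair is that attaching an NSG to a subnet is not enough on its own: the NSG only takes effect for private endpoints once privateEndpointNetworkPolicies is 'Enabled' on that subnet. Whether a deny-effect assignment of Deny-Subnet-Without-Penp belongs at the Corp or the landingzones scope is the question the issue raises and is left to the linked assignment sources.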