
Provide parameters to Audit or Disable the scan of Microsoft Defender options

Open JamesDLD opened this issue 1 year ago • 0 comments

Details of the scenario you tried and the problem that is occurring

Depending on the client context some Microsoft Defender features need to be disabled through the portal or as-code but we would like to stop auditing those ones via Policy to have a relevant KPI.

It could be disabled for POC subscription or because the client is not ready to subscribe to one Defender feature.

Verbose logs showing the problem

The "Microsoft Cloud Security Benchmark" KPI needs then to be in adequation with the client choice.

Suggested solution to the issue

Add parameters on the policy set "Microsoft Cloud Security Benchmark" like the following ones:

```json
{
  "assignment": {
      "name": "Deploy-ASC-Monitoring",
      "displayName": "Microsoft Cloud Security Benchmark",
      "description": "Microsoft Cloud Security Benchmark policy initiative"
  },
  "definitionEntry": {
      "policySetId": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
      "displayName": "Microsoft Cloud Security Benchmark"
  },
  "parameters": {
      "enableDefenderForApis": "Disabled",
      "defenderForStorageShouldBeEnabledMonitoring": "Disabled",
      "virtualMachinesAdvancedThreatProtectionMonitoringEffect": "Disabled",
      "keyVaultsAdvancedDataSecurityMonitoringEffect": "Disabled",
      "AzureDefenderForOpenSourceRelationalDatabasesShouldBeEnabledMonitoringEffect": "Disabled",
      "MicrosoftDefenderCSPMShouldBeEnabledMonitoringEffect": "Disabled",
      "appServicesAdvancedThreatProtectionMonitoringEffect": "Disabled",
      "containersAdvancedThreatProtectionMonitoringEffect": "Disabled",
      "AzureDefenderForResourceManagerShouldBeEnabledMonitoringEffect": "Disabled",
      "sqlServersAdvancedDataSecurityMonitoringEffect": "Disabled",
      "sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect": "Disabled",
      "storageAccountsAdvancedDataSecurityMonitoringEffect": "Disabled"
  }
}
```

JamesDLD avatar Jun 11 '24 08:06 JamesDLD
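A pre-flight check for an assignment like the one suggested above, added here as an example and not part of the issue or of the azure-policy repository: it compares the assignment's parameters with the initiative's parameter definitions (the "parameters" block returned by `az policy set-definition show --name 1f3afdf9-d0c9-4c3d-847f-89da613e70a8`) and reports names the initiative does not define, values outside a parameter's allowedValues, and parameters left at their default effect, which keep feeding the KPI. The definition excerpt, the `exampleAuditOnlyEffect` parameter and the function name are constructed for the example.

```python
"""Check an MCSB assignment's parameters against the initiative's parameter
definitions before assigning it (added example, not from the issue)."""
import json

# Constructed excerpt of the initiative's "parameters" block, in the shape
# `az policy set-definition show` returns. Only three entries are shown; the
# third is invented to show a parameter that does not allow "Disabled".
POLICY_SET_PARAMETERS = json.loads("""{
  "enableDefenderForApis": {"type": "String", "defaultValue": "AuditIfNotExists",
                            "allowedValues": ["AuditIfNotExists", "Disabled"]},
  "defenderForStorageShouldBeEnabledMonitoring": {"type": "String",
      "defaultValue": "AuditIfNotExists", "allowedValues": ["AuditIfNotExists", "Disabled"]},
  "exampleAuditOnlyEffect": {"type": "String", "defaultValue": "AuditIfNotExists",
                             "allowedValues": ["AuditIfNotExists"]}
}""")


def check_assignment_parameters(definition_params, assignment_params):
    """Return (unknown, not_allowed, left_at_default).

    unknown:          assignment parameters the initiative does not define
                      (the deployment would be rejected)
    not_allowed:      (name, value, allowedValues) where the value is outside
                      the parameter's allowedValues
    left_at_default:  initiative parameters the assignment does not set, so
                      they keep their default effect and still feed the KPI
    """
    # Assumption: parameter names are matched case-insensitively, as ARM does.
    by_lower = {n.lower(): (n, spec) for n, spec in definition_params.items()}
    unknown, not_allowed = [], []
    for name, value in assignment_params.items():
        match = by_lower.get(name.lower())
        if match is None:
            unknown.append(name)
            continue
        allowed = match[1].get("allowedValues")
        if allowed is not None and value not in allowed:
            not_allowed.append((name, value, allowed))
    set_names = {n.lower() for n in assignment_params}
    left_at_default = [n for n in definition_params if n.lower() not in set_names]
    return unknown, not_allowed, left_at_default


if __name__ == "__main__":
    # Two of the parameters from the issue's suggested assignment.
    proposed = {"enableDefenderForApis": "Disabled",
                "virtualMachinesAdvancedThreatProtectionMonitoringEffect": "Disabled"}
    print(check_assignment_parameters(POLICY_SET_PARAMETERS, proposed))
```

Against the real initiative, replace `POLICY_SET_PARAMETERS` with the "parameters" object from the CLI output; the excerpt here is only large enough to exercise each of the three findings.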