terraform-azurerm-caf-enterprise-scale

added some policies to deny public endpoints on PaaS

Open jwueste opened this issue 2 years ago • 1 comments

Added Builtin policies to policy set "Deny-PublicPaaSEndpoints". These policies deny public endpoints on these services:

  • Cognitive Services
  • Key Vault managed HSM
  • Event Grid Topics
  • Azure SQL Databases
  • Data Factories
  • SignalR Services
  • IoT-Hubs
  • Synapse Workspaces
  • App Configurations
  • Machine Learning Workspaces
  • Redis Caches
  • Container Registries
  • Key Vaults
  • Cosmos DBs
  • Media Services
  • Automation Accounts
  • Web PubSub Services
  • IoT-Hub DPSs
  • Cognitive Search Services
  • Event Grid Domains

As part of this Pull Request I have

  • [x] Checked for duplicate Pull Requests

  • [x] Ensured my code/branch is up-to-date with the latest changes in the main branch

  • [x] Performed testing and provided evidence.

  • [ ] Updated relevant and associated documentation.

  • [ ] Updated the "What's New?" wiki page (located in the Enterprise-Scale repo in the directory: /docs/wiki/whats-new.md)

jwueste, Apr 27 '22 14:04

Hi @jwueste

Thank you for raising this PR. Unfortunately we source all policies from the upstream Azure/Enterprise-scale repository so we will be unable to accept this PR here.

Are you able to open an issue in the upstream repository citing the reasons for this update and raise the relevant changes there if you're comfortable doing so in the ARM implementation?

I will then refresh our policies once upstream is updated.

In the meantime, are you aware that you can use your custom lib folder to create a duplicate of this Policy with your customisations? As long as the `name` field matches, your custom version will automatically override the module version.

Thank you

krowlandson, May 04 '22 04:05

Hi @jwueste, thanks for the contribution. We have a backlog item to review all the Policies we currently assign by default and will include this PR for review (no dates confirmed).

paulgrimley, Oct 20 '22 12:10

closing as being managed upstream

matt-FFFFFF, Feb 16 '23 14:02