Marvin Buss

Results 126 comments of Marvin Buss

We would like to move towards workflow templates to fully showcase this, but sadly, this will break all workflows as soon as users fork the repo because of this https://github.community/t/ref-head-in-reusable-workflows/203690/22...

@jtracey93

### Azure Data Factory

|Policy Name |Policy Area |Description |
|---------|---------|---------|
|Deny-DataFactory-ApiVersion|Resource Management|Denies old API version for data factory V1.|
|Deny-DataFactory-IdentityType|Authentication|Enforces use of system assigned identity for data factory.|

...

@krnese I would enforce the following on the Corp Management Group: Deny-DataFactory-PublicNetworkAccess. I would like to enforce more, but this will be difficult to manage.

@jtracey93

### Azure Stream Analytics

|Policy Name |Policy Area |Description |
|---------|---------|---------|
|Deny-StreamAnalytics-ClusterId|Network Isolation|Enforces use of Stream Analytics cluster.|
|Deny-StreamAnalytics-StreamingUnits|Budget|Enforces number of stream analytics streaming units.|

@jtracey93

### Azure Cognitive Search

|Policy Name |Policy Area |Description |
|---------|---------|---------|
|Deny-Search-PublicNetworkAccess|Network Isolation|Denies public network access for Cognitive Search.|
|Deny-Search-Sku|Budget|Enforces Cognitive Search SKUs.|

@krnese I would enforce the following on the Corp Management Group: Deny-Search-PublicNetworkAccess

@jtracey93

### Azure IoT Hub

|Policy Name |Policy Area |Description |
|---------|---------|---------|
|Append-IotHub-MinimalEncryption|Encryption|Enforces minimal TLS version 1.2 for IoT Hub.|
|Deny-IotHub-Sku|Budget|Enforces IoT Hub SKUs.|

@krnese May require your help to work on one of the deployIfNotExists policies (Azure Defender for IoT Hub). Let me know if you have time for that. I have written...

@krnese I would enforce the following on the Corp Management Group: Deny PublicNetworkAccess (Definition ID: /providers/Microsoft.Authorization/policyDefinitions/2d6830fb-07eb-48e7-8c4d-2a442b35f0fb)

@jtracey93

### Azure Cosmos DB

|Policy Name |Policy Area |Description |
|---------|---------|---------|
|Deny-Cosmos-DenyCosmosKeyBasedMetadataWriteAccess|Authentication|Deny key based metadata write access for Cosmos DB accounts.|
|Deny-Cosmos-Cors|Network Isolation|Denies CORS rules for Cosmos DB accounts.|