Niclas
Niclas
@hendersonandrade we resolved, as mentioned in the ticket, by adding a new parameter to specify the exact Event Hub to send the logs to --> "eventHubName": "[parameters('eventHubName')]" If you do...
> Hey @vegazbabz, so we are actually saying here to make a duplicate assignment of this policy to platform MG as well? > > cc: @Springstone I am not a...
Not sure why I put the TLS there, confused with the different tickets made - apologies for that 👎 However, point still stands that if this should apply on Corp...
> This comes in the box as nothing built-in exists in the platform. As you correctly call out, not everyone will want/need CMK so we cannot make this a default...
> To clarify, CMK is not the best practice for everyone, it's a good practice. Encryption is a best practice, customers managing their own keys is an enhanced/recommended practice, if...
Another use case that I also wrote to DfS PG is to include a DenyAction policy for the malware protection capabilities, which is deployed as a Logic App or Event...
Any news / progress around this to migrate to the built-in initiatives? Thanks “Enable Azure Monitor for VMs” should be updated to point to the correct built-in policy initiative: [Enable...
Once again, I think all policies introduced in the repo should have a note somewhere in the documentation stating what use-case it is addressing. For sandbox, I think this is...
Thanks for the recommendations, those are appreciated. I am also happy hear that you will start working on elaborating further on security documentation. As per your example, Azure Policy is...
I appreciate the thorough answer, so no need to apologize. The example you provided is great. I completely forgot that you can actually block [Microsoft.Authorization/roleAssignments/roleDefinitionId](https://learn.microsoft.com/en-us/azure/templates/microsoft.authorization/roleassignments?pivots=deployment-language-arm-template). For iii. it seems like...