AzInitiativeAdvertizer

last sync: 2024-Nov-25 18:54:43 UTC

[Preview]: Motion Picture Association of America (MPAA)

Azure BuiltIn Policy Initiative (PolicySet)

Source

Azure Portal

Display name

[Preview]: Motion Picture Association of America (MPAA)

92646f03-e39d-47a9-9e24-58d60ef49af8

Version

4.4.0-preview
Details on versioning

Versioning

Versions supported for Versioning: 4
4.1.0-preview
4.2.0-preview
4.3.0-preview
4.4.0-preview
Built-in Versioning [Preview]

Category

Regulatory Compliance
Microsoft Learn

Description

This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-init.

Type

BuiltIn

Deprecated

False

Preview

True

Policy count

Total Policies: 33
Builtin Policies: 33
Static Policies: 0

Policy used

Policy DisplayName	Policy Id	Category	Effect	Roles#	Roles	State
A vulnerability assessment solution should be enabled on your virtual machines	501541f7-f7e7-4cd6-868c-4190fdad3ac9	Security Center	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Accounts with write permissions on Azure resources should be MFA enabled	931e118d-50a1-4457-a5e4-78550e086c52	Security Center	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities	3cf2ab00-13f1-4d0c-8971-2ac904541a7e	Guest Configuration	Fixed modify	1	Contributor	GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity	497dff13-db2a-4c0f-8603-28fa3b331ab6	Guest Configuration	Fixed modify	1	Contributor	GA
All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace	a1817ec0-a368-432a-8057-8371e17ac6ee	Service Bus	Default Audit Allowed Audit, Deny, Disabled	0		GA
Audit Linux machines that allow remote connections from accounts without passwords	ea53dbee-c6c9-4f0e-9f9e-de0039b78023	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Audit Linux machines that don't have the specified applications installed	d3b823c9-e0fc-4453-9fb2-8213b7338523	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Audit Windows machines that contain certificates expiring within the specified number of days	1417908b-4bff-46ee-a2a6-4acc899320ab	Guest Configuration	Fixed auditIfNotExists	0		GA
Audit Windows machines that do not contain the specified certificates in Trusted Root	934345e1-4dfb-4c70-90d7-41990dc9608b	Guest Configuration	Fixed auditIfNotExists	0		GA
Audit Windows machines that do not restrict the minimum password length to specified number of characters	a2d0e922-65d0-40c4-8f87-ea6da2d307a2	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Configure Azure Defender to be enabled on SQL servers	36d49e87-48c4-4f2e-beed-ba4ed02b71f5	SQL	Fixed DeployIfNotExists	1	SQL Security Manager	GA
Deploy default Microsoft IaaSAntimalware extension for Windows Server	2835b622-407b-4114-9198-6f7064cbe0dc	Compute	Fixed deployIfNotExists	1	Virtual Machine Contributor	GA
Deploy Diagnostic Settings for Network Security Groups	c9c29499-c1d1-4195-99bd-2ec9e3a9dc89	Monitoring	Fixed deployIfNotExists	2	Monitoring Contributor, Storage Account Contributor	GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs	331e8ea8-378a-410f-a2e5-ae22f38bb0da	Guest Configuration	Fixed deployIfNotExists	1	Contributor	GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs	385f5831-96d4-41db-9a3c-cd3af78aaae6	Guest Configuration	Fixed deployIfNotExists	1	Contributor	GA
Guest accounts with owner permissions on Azure resources should be removed	339353f6-2387-4a45-abe4-7f529d121046	Security Center	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
IP Forwarding on your virtual machine should be disabled	bd352bd5-2853-4985-bf0d-73806b4a5744	Security Center	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Metric alert rules should be configured on Batch accounts	26ee67a2-f81a-4ba8-b9ce-8550bd5ee1a7	Batch	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Network interfaces should disable IP forwarding	88c0b9da-ce96-4b03-9635-f29a937e2900	Network	Fixed deny	0		GA
Resource logs in Logic Apps should be enabled	34f95f76-5386-4de7-b824-0d8478470c9d	Logic Apps	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Resource logs in Search services should be enabled	b4330a05-a843-4bc8-bf9a-cacce50c67f4	Search	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services	ac4a19c2-fa67-49b4-8ae5-0b2e78c49457	Security Center	Default Audit Allowed Audit, Disabled	0		GA
SQL databases should have vulnerability findings resolved	feedbf84-6b99-488c-acc2-71c829aa5ffc	Security Center	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
SQL servers with auditing to storage account destination should be configured with 90 days retention or higher	89099bee-89e0-4b26-a5f4-165451757743	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Storage accounts should restrict network access	34c877ad-507e-4c82-993e-3452a6e0ad3c	Storage	Default Audit Allowed Audit, Deny, Disabled	0		GA
Transparent Data Encryption on SQL databases should be enabled	17k78e20-9358-41c9-923c-fb736d382a12	SQL	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Windows machines should meet requirements for 'Security Options - Accounts'	ee984370-154a-4ee8-9726-19d900e56fc0	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Windows machines should meet requirements for 'Security Options - Microsoft Network Client'	d6c69680-54f0-4349-af10-94dd05f4225e	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Windows machines should meet requirements for 'Security Options - Network Access'	3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Windows machines should meet requirements for 'Security Options - Recovery console'	f71be03e-e25b-4d0f-b8bc-9b3e309b66c0	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Windows machines should meet requirements for 'Security Options - System settings'	12017595-5a75-4bb1-9d97-4c2c939ea3c3	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Windows machines should meet requirements for 'User Rights Assignment'	e068b215-0026-4354-b347-8fb2766f73a2	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA
Windows machines should meet requirements for 'Windows Firewall Properties'	35d9882c-993d-44e6-87d2-db66ce21b636	Guest Configuration	Default AuditIfNotExists Allowed AuditIfNotExists, Disabled	0		GA

Roles used

Total Roles usage: 8
Total Roles unique usage: 5

Role	Role Id	Policies count	Policies
Monitoring Contributor	749f88d5-cbae-40b8-bcfc-e573ddc772fa	1	Deploy Diagnostic Settings for Network Security Groups
Virtual Machine Contributor	9980e02c-c2be-4d73-94e8-173b1dc7cf3c	1	Deploy default Microsoft IaaSAntimalware extension for Windows Server
SQL Security Manager	056cd41c-7e88-42e1-933e-88ba6a50c9c3	1	Configure Azure Defender to be enabled on SQL servers
Storage Account Contributor	17d1049b-9a84-46fb-8f53-869881c3d3ab	1	Deploy Diagnostic Settings for Network Security Groups
Contributor	b24988ac-6180-42a0-ab88-20f7382dd24c	4	Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs

History

Date/Time (UTC ymd) (i)	Changes
2024-10-15 17:53:51	Version change: '4.3.0-preview' to '4.4.0-preview' remove Policy [Deprecated]: System updates should be installed on your machines (86b3d65f-7626-441e-b690-81a8b71cff60)
2024-09-05 17:48:45	Version change: '4.2.0-preview' to '4.3.0-preview' remove Policy [Deprecated]: Vulnerabilities in security configuration on your virtual machine scale sets should be remediated (3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4)
2024-06-06 18:16:34	Version change: '4.1.0-preview' to '4.2.0-preview' remove Policy [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (0961003e-5a0a-4549-abde-af6a37f2724d)
2023-05-04 17:45:12	add Policy Guest accounts with owner permissions on Azure resources should be removed (339353f6-2387-4a45-abe4-7f529d121046) add Policy Accounts with write permissions on Azure resources should be MFA enabled (931e118d-50a1-4457-a5e4-78550e086c52) Version change: '4.0.3-preview' to '4.1.0-preview' remove Policy [Deprecated]: External accounts with owner permissions should be removed from your subscription (f8456c1c-aa66-4dfb-861a-25d127b775c9) remove Policy [Deprecated]: MFA should be enabled for accounts with write permissions on your subscription (9297c21d-2ed6-4474-b48f-163f75654ce3)
2022-04-07 17:18:35	Version change: '4.0.2-preview' to '4.0.3-preview'
2022-04-01 20:29:13	Description change: 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-blueprint.' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-init.'
2021-01-22 09:14:56	add Policy A vulnerability assessment solution should be enabled on your virtual machines (501541f7-f7e7-4cd6-868c-4190fdad3ac9) remove Policy [Deprecated]: Vulnerabilities should be remediated by a Vulnerability Assessment solution (760a85ff-6162-42b3-8d70-698e268f648c)
2020-09-09 11:24:08	add Policy Audit Windows machines that do not contain the specified certificates in Trusted Root (934345e1-4dfb-4c70-90d7-41990dc9608b) add Policy Audit Windows machines that do not restrict the minimum password length to specified number of characters (a2d0e922-65d0-40c4-8f87-ea6da2d307a2) add Policy Audit Linux machines that don't have the specified applications installed (d3b823c9-e0fc-4453-9fb2-8213b7338523) add Policy Audit Linux machines that allow remote connections from accounts without passwords (ea53dbee-c6c9-4f0e-9f9e-de0039b78023) add Policy Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs (331e8ea8-378a-410f-a2e5-ae22f38bb0da) add Policy Audit Windows machines that contain certificates expiring within the specified number of days (1417908b-4bff-46ee-a2a6-4acc899320ab) remove Policy [Deprecated]: Show audit results from Windows VMs that contain certificates expiring within the specified number of days (9328f27e-611e-44a7-a244-39109d7d35ab) remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that do not have the specified applications installed (4d1c04de-2172-403f-901b-90608c35c721) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not contain the specified certificates in Trusted Root (106ccbe4-a791-4f33-a44a-06796944b8d5) remove Policy [Deprecated]: Show audit results from Windows VMs that do not contain the specified certificates in Trusted Root (f3b9ad83-000d-4dc1-bff0-6d54533dd03f) remove Policy [Deprecated]: Show audit results from Linux VMs that do not have the specified applications installed (fee5cb2b-9d9b-410e-afe3-2902d90d0004) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that contain certificates expiring within the specified number of days (c5fbc59e-fb6f-494f-81e2-d99a671bdaa8) remove Policy [Deprecated]: Show audit results from Windows VMs that do not restrict the minimum password length to 14 characters (5aebc8d1-020d-4037-89a0-02043a7524ec) remove Policy [Deprecated]: Deploy prerequisites to audit Linux VMs that allow remote connections from accounts without passwords (ec49586f-4939-402d-a29e-6ff502b20592) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs that do not restrict the minimum password length to 14 characters (23020aa6-1135-4be2-bae2-149982b06eca) remove Policy [Deprecated]: Show audit results from Linux VMs that allow remote connections from accounts without passwords (2d67222d-05fd-4526-a171-2ee132ad9e83)
2020-08-21 13:50:30	add Policy Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity (497dff13-db2a-4c0f-8603-28fa3b331ab6) add Policy Windows machines should meet requirements for 'Security Options - Recovery console' (f71be03e-e25b-4d0f-b8bc-9b3e309b66c0) add Policy Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs (385f5831-96d4-41db-9a3c-cd3af78aaae6) add Policy Windows machines should meet requirements for 'Windows Firewall Properties' (35d9882c-993d-44e6-87d2-db66ce21b636) add Policy Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities (3cf2ab00-13f1-4d0c-8971-2ac904541a7e) add Policy Windows machines should meet requirements for 'Security Options - Microsoft Network Client' (d6c69680-54f0-4349-af10-94dd05f4225e) add Policy Windows machines should meet requirements for 'Security Options - Accounts' (ee984370-154a-4ee8-9726-19d900e56fc0) add Policy Windows machines should meet requirements for 'Security Options - System settings' (12017595-5a75-4bb1-9d97-4c2c939ea3c3) add Policy Windows machines should meet requirements for 'User Rights Assignment' (e068b215-0026-4354-b347-8fb2766f73a2) add Policy Windows machines should meet requirements for 'Security Options - Network Access' (3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd) remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Network Access' (30040dab-4e75-4456-8273-14b8f75d91d9) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - System settings' (437a1f8f-8552-47a8-8b12-a2fee3269dd5) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Microsoft Network Client' (bbcdd8fa-b600-4ee3-85b8-d184e3339652) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'User Rights Assignment' (815dcc9f-6662-43f2-9a03-1b83e9876f24) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Accounts' (e5b81f87-9185-4224-bf00-9f505e9f89f3) remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Windows Firewall Properties' (8bbd627e-4d25-4906-9a6e-3789780af3ec) remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Microsoft Network Client' (fcbc55c9-f25a-4e55-a6cb-33acb3be778b) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Recovery console' (ddc0a4d5-5e08-43d5-9fd9-b586d8d7116b) remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Recovery console' (ba12366f-f9a6-42b8-9d98-157d0b1a837b) remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - System settings' (8a39d1f1-5513-4628-b261-f469a5a3341b) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Windows Firewall Properties' (909c958d-1b99-4c74-b88f-46a5c5bc34f9) remove Policy [Deprecated]: Deploy prerequisites to audit Windows VMs configurations in 'Security Options - Network Access' (f56a3ab2-89d1-44de-ac0d-2ada5962e22a) remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'Security Options - Accounts' (b872a447-cc6f-43b9-bccf-45703cd81607) remove Policy [Deprecated]: Show audit results from Windows VMs configurations in 'User Rights Assignment' (c961dac9-5916-42e8-8fb1-703148323994)
2020-07-01 14:50:07	remove Policy [Deprecated]: Advanced Threat Protection types should be set to 'All' in SQL Managed Instance advanced data security settings (bda18df3-5e41-4709-add9-2554ce68c966)
2020-06-16 14:55:25	Description change: 'This initiative includes policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, please visit https://aka.ms/mpaa-blueprint' to 'This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-blueprint.' Name change: '[Preview]: Audit Motion Picture Association of America (MPAA) controls and deploy specific VM Extensions to support audit requirements' to '[Preview]: Motion Picture Association of America (MPAA)'
2020-01-09 16:38:57	add Initiative 92646f03-e39d-47a9-9e24-58d60ef49af8

JSON compare

compare mode: version left: version right:

JSON

api-version=2021-06-01
EPAC