| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State | Type |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Configure Azure Defender for App Service to be enabled | b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Azure Defender for Azure SQL database to be enabled | b99b73e7-074b-4089-9395-b7236f094491 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Azure Defender for open-source relational databases to be enabled | 44433aa3-7ec2-4002-93ea-65c65ff0310a | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Azure Defender for Resource Manager to be enabled | b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Azure Defender for servers to be enabled | 8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Azure Defender for SQL servers on machines to be enabled | 50ea7265-7d8c-429e-9a7d-ca1f410191c3 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Azure Kubernetes Service clusters to enable Defender profile | 64def556-fbad-4622-930e-72d1d5589bf5 | Kubernetes | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 2 | Defender Kubernetes Agent Operator, Kubernetes Agent Operator | GA | BuiltIn |
| Configure machines to receive a vulnerability assessment provider | 13ce0167-8ca6-4048-8e6b-f996402e3c1b | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Microsoft Defender CSPM plan | 72f8cee7-2937-403d-84a1-a4e3e57f3c21 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Owner | GA | BuiltIn |
| Configure Microsoft Defender for Azure Cosmos DB to be enabled | 82bf5b87-728b-4a74-ba4d-6123845cf542 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Microsoft Defender for Containers to be enabled | c9ddb292-b203-4738-aead-18e2716e858f | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Microsoft Defender for Key Vault plan | 1f725891-01c0-420a-9059-4fa46cb770b7 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |
| Configure Microsoft Defender for Storage to be enabled | cfdc5972-75b3-4418-8ae1-7f5c36839390 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Owner | GA | BuiltIn |
| Deploy Azure Policy Add-on to Azure Kubernetes Service clusters | a8eff44f-8c92-45c3-a3fb-9880802d67a7 | Kubernetes | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 2 | Azure Kubernetes Service Contributor Role, Azure Kubernetes Service Policy Add-on Deployment | GA | BuiltIn |
| Deploy export to Log Analytics workspace for Microsoft Defender for Cloud data | ffb6f416-7bd2-4488-8828-56585fef2be9 | Security Center | Fixed: deployIfNotExists | 1 | Contributor | GA | BuiltIn |
| Deploy Microsoft Defender for Cloud Security Contacts | Deploy-ASC-SecurityContacts | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | ALZ |
| Setup subscriptions to transition to an alternative vulnerability assessment solution | 766e621d-ba95-4e43-a6f2-e945db3d7888 | Security Center | Default: DeployIfNotExists; Allowed: DeployIfNotExists, Disabled | 1 | Security Admin | GA | BuiltIn |