diff --git a/docs/wiki/ALZ-Policies.md b/docs/wiki/ALZ-Policies.md index 55284c734..86c9b85e6 100644 --- a/docs/wiki/ALZ-Policies.md +++ b/docs/wiki/ALZ-Policies.md @@ -70,8 +70,9 @@ This management group is a parent to all the other management groups created wit | **Policy Type** | **Count** | | :--- | :---: | -| `Policy Definition Sets` | **13** | -| `Policy Definitions` | **3** | +| `Policy Definition Sets` | **12** | +| `Policy Definitions` | **4** | + The table below provides the specific **Custom** and **Built-in** **policy definitions** and **policy definitions sets** assigned at the **Intermediate Root Management Group**. @@ -81,8 +82,8 @@ The table below provides the specific **Custom** and **Built-in** **policy defin | **Deploy Microsoft Defender for Cloud configuration** | **Deploy Microsoft Defender for Cloud configuration** | `Policy Definition Set`, **Custom** | Configures all the MDFC settings, such as Microsoft Defender for Cloud per individual service, security contacts, and export from MDFC to Log Analytics workspace | DeployIfNotExists | | **[Preview]: Deploy Microsoft Defender for Endpoint agent** | **[Preview]: Deploy Microsoft Defender for Endpoint agent** | `Policy Definition Set`, **Built-in** | Deploy Microsoft Defender for Endpoint agent on applicable images. | DeployIfNotExists | | **Configure multiple Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud** | **Configure multiple Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud** | `Policy Definition Set`, **Built-in** | Configure multiple Microsoft Defender for Endpoint integration settings with Microsoft Defender for Cloud images. | DeployIfNotExists | -| **Deploy-Diag-Logs** | **Deploy Diagnostic Settings to Azure Services** | `Policy Definition Set`, **Custom** | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. | DeployIfNotExists | -| **Enable Monitoring in Azure Security Center** | **Azure Security Benchmark** | `Policy Definition Set`, **Built-in** | The Microsoft Cloud Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft Cloud Security Benchmark v1, see https://aka.ms/azsecbm. This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. | Audit, AuditIfNotExists, Disabled | +| **"Enable allLogs category group resource logging for supported resources to Log Analytics** or | **Deploy Diagnostic Settings to Azure Services** | `Policy Definition Set`, **Custom** | This policy set deploys the configurations of application Azure resources to forward diagnostic logs and metrics to an Azure Log Analytics workspace. | DeployIfNotExists | +| **Enable Monitoring in Microsoft Defender for Cloud** | **Azure Security Benchmark** | `Policy Definition Set`, **Built-in** | The Microsoft Cloud Security Benchmark initiative represents the policies and controls implementing security recommendations defined in Microsoft Cloud Security Benchmark v1, see . This also serves as the Azure Security Center default policy initiative. You can directly assign this initiative, or manage its policies and compliance results within Azure Security Center. | Audit, AuditIfNotExists, Disabled | | **Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances** | **Configure Azure Defender to be enabled on SQL Servers and SQL Managed Instances** | `Policy Definition Set`, **Built-in** | Enable Azure Defender on your SQL Servers and SQL Managed Instances to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. | DeployIfNotExists | | **Configure Advanced Threat Protection to be enabled on open-source relational databases** | **Configure Advanced Threat Protection to be enabled on open-source relational databases** | `Policy Definition Set`, **Built-in** | Enable Advanced Threat Protection on your non-Basic tier open-source relational databases to detect anomalous activities indicating unusual and potentially harmful attempts to access or exploit databases. See https://aka.ms/AzDforOpenSourceDBsDocu. | DeployIfNotExists | | **Deploy Diagnostic Settings for Activity Log to Log Analytics workspace** | **Configure Azure Activity logs to stream to specified Log Analytics workspace** | `Policy Definition`, **Built-in** | Deploys the diagnostic settings for Azure Activity to stream subscriptions audit logs to a Log Analytics workspace to monitor subscription-level events | DeployIfNotExists | @@ -229,7 +230,8 @@ This is the parent management group for all the landing zone child management gr | **Policy Type** | **Count** | | :--- | :---: | | `Policy Definition Sets` | **13** | -| `Policy Definitions` | **15** | +| `Policy Definitions` | **20** | + The table below provides the specific **Custom** and **Built-in** **policy definitions** and **policy definitions sets** assigned at the **Landing Zones Management Group**.