Merge pull request #5 from ZekeStarr/main

madiepev · web-flow · commit 1b69419ea504 · 2023-03-03T11:31:01.000+01:00
Azure Policies
diff --git a/Policies/DP-100 Base + LP11.json b/Policies/DP-100 Base + LP11.json
@@ -0,0 +1,52 @@
+{
+    "if": {
+        "not": {
+            "anyOf": [                           
+                {
+                    "field": "type",
+                    "contains": "Microsoft.Storage/storageAccounts"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.insights/"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.ContainerInstance/containerGroups"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.ContainerRegistry/registries"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.KeyVault/vaults"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.AlertsManagement/smartDetectorAlertRules"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.OperationalInsights/workspaces"
+                },
+                {
+                    "field":"type",
+                    "equals":"Microsoft.MachineLearningServices/workspaces"
+                },
+                {
+                    "field":"type",
+                    "contains":"Microsoft.MachineLearningServices/workspaces/onlineEndpoints"
+                },
+                {
+                    "field":"type",
+                    "contains":"Microsoft.MachineLearningServices/workspaces/batchEndpoints"
+                }
+            ]
+            
+        }
+    },
+    "then": {
+        "effect": "Deny"
+    }
+}
diff --git a/Policies/DP-100 Base.json b/Policies/DP-100 Base.json
@@ -0,0 +1,44 @@
+{
+    "if": {
+        "not": {
+            "anyOf": [                           
+                {
+                    "field": "type",
+                    "contains": "Microsoft.Storage/storageAccounts"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.insights/"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.ContainerInstance/containerGroups"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.ContainerRegistry/registries"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.KeyVault/vaults"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.AlertsManagement/smartDetectorAlertRules"
+                },
+                {
+                    "field": "type",
+                    "contains": "Microsoft.OperationalInsights/workspaces"
+                },
+                {
+                    "field":"type",
+                    "equals":"Microsoft.MachineLearningServices/workspaces"
+                }
+            ]
+            
+        }
+    },
+    "then": {
+        "effect": "Deny"
+    }
+}
diff --git a/Policies/Required Resource Providers.md b/Policies/Required Resource Providers.md
@@ -0,0 +1,15 @@
+## Required Resource Providers
+
+Microsoft.Insights
+
+Microsoft.ContainerInstance
+
+Microsoft.ContainerRegistry
+
+Microsoft.KeyVault
+
+Microsoft.AlertsManagement
+
+Microsoft.OperationalInsights
+
+Microsoft.MachineLearningServices
