Azure Policy built-in initiative definitions

This page is an index of Azure Policy built-in initiative definitions.

The name on each built-in links to the initiative definition source on the Azure Policy GitHub repo. The built-ins are grouped by the category property in metadata. To jump to a specific category, use the menu on the right side of the page. Otherwise, press Ctrl-F to search the page with your browser.

Cosmos DB

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| Enable Azure Cosmos DB throughput policy | Enable throughput control for Azure Cosmos DB resources in the specified scope (Management group, Subscription or resource group). Takes max throughput as parameter. Use this policy to help enforce throughput control via the resource provider. | 2 | 1.0.0 |

Guest Configuration

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| Audit machines with insecure password security settings | This initiative deploys the policy requirements and audits machines with insecure password security settings. For more information on Guest Configuration policies, please visit https://aka.ms/gcpol | 9 | 1.0.0 |
| Deploy prerequisites to enable Guest Configuration policies on virtual machines | This initiative adds a system-assigned managed identity and deploys the platform-appropriate Guest Configuration extension to virtual machines that are eligible to be monitored by Guest Configuration policies. This is a prerequisite for all Guest Configuration policies and must be assigned to the policy assignment scope before using any Guest Configuration policy. For more information on Guest Configuration, visit https://aka.ms/gcpol. | 4 | 1.0.0-preview |
| Windows machines should meet requirements for the Azure security baseline | This initiative audits Windows machines with settings that do not meet the Azure security baseline. For details, please visit https://aka.ms/gcpol | 29 | 2.0.0-preview |

Kubernetes

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| Kubernetes cluster pod security baseline standards for Linux-based workloads | This initiative includes the policies for the Kubernetes cluster pod security baseline standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. | 5 | 1.0.0-preview |
| Kubernetes cluster pod security restricted standards for Linux-based workloads | This initiative includes the policies for the Kubernetes cluster pod security restricted standards. For instructions on using this policy, visit https://aka.ms/kubepolicydoc. | 8 | 2.0.0-preview |

Monitoring

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| Enable Azure Monitor for Virtual Machine Scale Sets | Enable Azure Monitor for the Virtual Machine Scale Sets in the specified scope (Management group, Subscription or resource group). Takes Log Analytics workspace as parameter. Note: if your scale set upgradePolicy is set to Manual, you need to apply the extension to all the VMs in the set by calling upgrade on them. In CLI this would be az vmss update-instances. | 6 | 1.0.1 |
| Enable Azure Monitor for VMs | Enable Azure Monitor for the virtual machines (VMs) in the specified scope (management group, subscription or resource group). Takes Log Analytics workspace as parameter. | 10 | 2.0.0 |

Regulatory Compliance

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| Australian Government ISM PROTECTED | This initiative includes audit and virtual machine extension deployment policies that address a subset of Australian Government Information Security Manual (ISM) controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/AustralianGovernmentISM-blueprint. | 62 | 3.0.0-preview |
| Azure Security Benchmark | This initiative includes audit and virtual machine extension deployment policies that address a subset of Azure Security Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/azsecbm. | 137 | 6.0.0-preview |
| Canada Federal PBMM | This initiative includes audit and virtual machine extension deployment policies that address a subset of Canada Federal PBMM controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/canadafederalpbmm-blueprint. | 60 | 3.0.0 |
| CIS Microsoft Azure Foundations Benchmark 1.1.0 | This initiative includes audit policies that address a subset of CIS Microsoft Azure Foundations Benchmark recommendations. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/cisazure-blueprint. | 87 | 7.0.0 |
| FedRAMP High | This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP H controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/fedramph-blueprint. | 72 | 3.0.0 |
| FedRAMP Moderate | This initiative includes audit and virtual machine extension deployment policies that address a subset of FedRAMP M controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/fedrampm-blueprint. | 62 | 3.0.0 |
| HITRUST/HIPAA | This initiative includes audit and virtual machine extension deployment policies that address a subset of HITRUST/HIPAA controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/hipaa-blueprint. | 121 | 4.0.0 |
| IRS1075 September 2016 | This initiative includes audit and virtual machine extension deployment policies that address a subset of IRS1075 September 2016 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/irs1075-blueprint. | 62 | 3.0.0 |
| ISO 27001:2013 | This initiative includes audit and virtual machine extension deployment policies that address a subset of ISO 27001:2013 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/iso27001-blueprint. | 53 | 3.0.0 |
| Motion Picture Association of America (MPAA) | This initiative includes audit and virtual machine extension deployment policies that address a subset of Motion Picture Association of America (MPAA) security and guidelines controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/mpaa-blueprint. | 36 | 3.0.0-preview |
| NIST SP 800-171 R2 | This initiative includes audit and virtual machine extension policies that address a subset of NIST SP 800-171 R2 requirements. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist800171r2-blueprint. | 78 | 4.0.0-preview |
| NIST SP 800-53 R4 | This initiative includes audit and virtual machine extension deployment policies that address a subset of NIST SP 800-53 R4 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/nist80053-blueprint. | 790 | 3.0.0 |
| PCI v3.2.1:2018 | This initiative includes audit and virtual machine extension deployment policies that address a subset of PCI v3.2.1:2018 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/pciv321-init. | 39 | 2.0.0-preview |
| SWIFT CSP-CSCF v2020 | This initiative includes audit and virtual machine extension deployment policies that address a subset of SWIFT CSP-CSCF v2020 controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/swift-blueprint. | 61 | 3.0.0-preview |
| UK OFFICIAL and UK NHS | This initiative includes audit and virtual machine extension deployment policies that address a subset of UK OFFICIAL and UK NHS controls. Additional policies will be added in upcoming releases. For more information, visit https://aka.ms/ukofficial-blueprint and https://aka.ms/uknhs-blueprint. | 59 | 4.0.0 |

Security Center

| Name | Description | Policies | Version |
| --- | --- | --- | --- |
| [Preview]: Enable Data Protection Suite | Enable data protection for SQL servers. This initiative is assigned automatically by Azure Security Center Standard Tier. | 1 | 1.0.0-preview |
| Enable Monitoring in Azure Security Center | Monitor all the available security recommendations in Azure Security Center. This is the default policy for Azure Security Center. | 118 | 13.0.1 |

Next steps