From 7f1b8fa4188acb55e86e69ab1ccb33e5424b3eff Mon Sep 17 00:00:00 2001 From: Kinnaird McQuade Date: Sat, 13 Mar 2021 06:15:13 -0500 Subject: [PATCH] Update table files --- docs/no-params.csv | 647 ++++++------------------------- docs/no-params.md | 801 ++++++++++----------------------------- docs/params-optional.csv | 227 +++-------- docs/params-optional.md | 299 +++++---------- docs/params-required.csv | 227 +++-------- docs/params-required.md | 299 +++++---------- 6 files changed, 615 insertions(+), 1885 deletions(-) diff --git a/docs/no-params.csv b/docs/no-params.csv index 664c41e..70add01 100644 --- a/docs/no-params.csv +++ b/docs/no-params.csv 
@@ -1,184 +1,67 @@ -Service,Policy Definition,Azure Security Benchmark,CIS,CCMC L3,ISO 27001,NIST SP 800-53 R4,NIST SP 800-171 R2,HIPAA HITRUST 9.2,New Zealand ISM,Policy Link +Service,Policy Definition,Azure Security Benchmark,CIS,CCMC L3,ISO 27001,NIST SP 800-53 R4,NIST SP 800-171 R2,HIPAA HITRUST 9.2,New Zealand ISM,Link API for FHIR,Azure API for FHIR should use a customer-managed key to encrypt data at rest,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_EnableByok_Audit.json API for FHIR,CORS should not allow every domain to access your API for FHIR,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_RestrictCORSAccess_Audit.json App Configuration,App Configuration should use private link,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Configuration/PrivateLink_Audit.json -App Service,API App should only be accessible over HTTPS,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json -App Service,API App should only be accessible over HTTPS,,,,,,,,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json -App Service,API App should only be accessible over HTTPS,,,,,,,ID : 0949.09y2Organizational.5 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json -App Service,API App should only be accessible over HTTPS,,,,,,3.13.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json -App Service,API App should only be accessible over HTTPS,,,,,SC-8 
(1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json -App Service,API App should only be accessible over HTTPS,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json -App Service,API App should only be accessible over HTTPS,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json +App Service,API App should only be accessible over HTTPS,DP-4,,,A.10.1.1,SC-8 (1),3.13.8,0949.09y2Organizational.5 - 09.y,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json App Service,Authentication should be enabled on your API app,,9.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_ApiApp_Audit.json App Service,Authentication should be enabled on your Function app,,9.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_functionapp_Audit.json App Service,Authentication should be enabled on your web app,,9.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_WebApp_Audit.json -App Service,CORS should not allow every resource to access your API App,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json -App Service,CORS should not allow every resource to access your API App,,,,,,,ID : 0911.09s1Organizational.2 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json -App 
Service,CORS should not allow every resource to access your API App,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json -App Service,CORS should not allow every resource to access your Function Apps,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json -App Service,CORS should not allow every resource to access your Function Apps,,,,,,,ID : 0960.09sCSPOrganizational.1 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json -App Service,CORS should not allow every resource to access your Function Apps,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json -App Service,CORS should not allow every resource to access your Web Applications,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json -App Service,CORS should not allow every resource to access your Web Applications,,,,,,,,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json -App Service,CORS should not allow every resource to access your Web Applications,,,,,,,ID : 0916.09s2Organizational.4 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json -App Service,CORS should not allow every resource to access your Web Applications,,,,,,3.1.3,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json -App 
Service,CORS should not allow every resource to access your Web Applications,,,,,AC-4,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json -App Service,CORS should not allow every resource to access your Web Applications,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json -App Service,Diagnostic logs in App Services should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json -App Service,Diagnostic logs in App Services should be enabled,,,,,,,ID : 1209.09aa3System.2 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json -App Service,Diagnostic logs in App Services should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json -App Service,Diagnostic logs in App Services should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json -App Service,Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On',,9.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_ClientCert.json -App Service,Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On',PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_ClientCert.json -App Service,Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On',,,,,,,ID : 
0915.09s2Organizational.2 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json -App Service,Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On',,9.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json -App Service,Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On',PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the API app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the API app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the API app",,9.9,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Function app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Function app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Function 
app",,9.9,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Web app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Web app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json -App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Web app",,9.9,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json -App Service,FTPS only should be required in your API App,,9.10,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json -App Service,FTPS only should be required in your API App,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json -App Service,FTPS only should be required in your Function App,,9.10,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json -App Service,FTPS only should be required in your Function App,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json -App Service,FTPS should be required in your Web App,,9.10,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json -App Service,FTPS should be required in your Web 
App,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json -App Service,Function App should only be accessible over HTTPS,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json -App Service,Function App should only be accessible over HTTPS,,,,,,,,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json -App Service,Function App should only be accessible over HTTPS,,,,,,,ID : 0949.09y2Organizational.5 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json -App Service,Function App should only be accessible over HTTPS,,,,,,3.13.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json -App Service,Function App should only be accessible over HTTPS,,,,,SC-8 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json -App Service,Function App should only be accessible over HTTPS,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json -App Service,Function App should only be accessible over HTTPS,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json -App Service,Function apps should have 'Client Certificates (Incoming client certificates)' enabled,,9.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_ClientCert.json -App Service,Function 
apps should have 'Client Certificates (Incoming client certificates)' enabled,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_ClientCert.json -App Service,Latest TLS version should be used in your API App,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json -App Service,Latest TLS version should be used in your API App,,,,,,,,CR-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json -App Service,Latest TLS version should be used in your API App,,,,,,,ID : 0949.09y2Organizational.5 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json -App Service,Latest TLS version should be used in your API App,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json -App Service,Latest TLS version should be used in your API App,,9.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json -App Service,Latest TLS version should be used in your API App,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json -App Service,Latest TLS version should be used in your Function App,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json -App Service,Latest TLS version should be used in your Function 
App,,,,,,,,CR-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json -App Service,Latest TLS version should be used in your Function App,,,,,,,ID : 0949.09y2Organizational.5 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json -App Service,Latest TLS version should be used in your Function App,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json -App Service,Latest TLS version should be used in your Function App,,9.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json -App Service,Latest TLS version should be used in your Function App,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json -App Service,Latest TLS version should be used in your Web App,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json -App Service,Latest TLS version should be used in your Web App,,,,,,,,CR-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json -App Service,Latest TLS version should be used in your Web App,,,,,,,ID : 0949.09y2Organizational.5 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json -App Service,Latest TLS version should be used in your Web 
App,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json -App Service,Latest TLS version should be used in your Web App,,9.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json -App Service,Latest TLS version should be used in your Web App,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json -App Service,Managed identity should be used in your API App,,9.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_ApiApp_Audit.json -App Service,Managed identity should be used in your API App,IM-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_ApiApp_Audit.json -App Service,Managed identity should be used in your Function App,,9.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_FunctionApp_Audit.json -App Service,Managed identity should be used in your Function App,IM-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_FunctionApp_Audit.json -App Service,Managed identity should be used in your Web App,,9.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_WebApp_Audit.json -App Service,Managed identity should be used in your Web App,IM-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_WebApp_Audit.json -App Service,Remote debugging should be turned off 
for API Apps,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json -App Service,Remote debugging should be turned off for API Apps,,,,,,,,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json -App Service,Remote debugging should be turned off for API Apps,,,,,,,ID : 0914.09s1Organizational.6 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json -App Service,Remote debugging should be turned off for API Apps,,,,,,3.1.12,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json -App Service,Remote debugging should be turned off for API Apps,,,,,AC-17 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json -App Service,Remote debugging should be turned off for API Apps,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json -App Service,Remote debugging should be turned off for Function Apps,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json -App Service,Remote debugging should be turned off for Function Apps,,,,,,,,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json -App Service,Remote debugging should be turned off for Function Apps,,,,,,,ID : 1325.09s1Organizational.3 - 
09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json -App Service,Remote debugging should be turned off for Function Apps,,,,,,3.1.12,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json -App Service,Remote debugging should be turned off for Function Apps,,,,,AC-17 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json -App Service,Remote debugging should be turned off for Function Apps,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json -App Service,Remote debugging should be turned off for Web Applications,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json -App Service,Remote debugging should be turned off for Web Applications,,,,,,,,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json -App Service,Remote debugging should be turned off for Web Applications,,,,,,,ID : 0912.09s1Organizational.4 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json -App Service,Remote debugging should be turned off for Web Applications,,,,,,3.1.12,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json -App Service,Remote debugging should be turned off for Web Applications,,,,,AC-17 
(1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json -App Service,Remote debugging should be turned off for Web Applications,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json -App Service,Web Application should only be accessible over HTTPS,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -App Service,Web Application should only be accessible over HTTPS,,,,,,,,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -App Service,Web Application should only be accessible over HTTPS,,,,,,,ID : 0949.09y2Organizational.5 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -App Service,Web Application should only be accessible over HTTPS,,,,,,3.13.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -App Service,Web Application should only be accessible over HTTPS,,,,,SC-8 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -App Service,Web Application should only be accessible over HTTPS,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -App Service,Web Application should only be accessible over HTTPS,,9.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -App Service,Web Application should only be accessible 
over HTTPS,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json -Automation,Automation account variables should be encrypted,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json -Automation,Automation account variables should be encrypted,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json -Automation,Automation account variables should be encrypted,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json +App Service,CORS should not allow every resource to access your API App,PV-2,,,,,,0911.09s1Organizational.2 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json +App Service,CORS should not allow every resource to access your Function Apps,PV-2,,,,,,0960.09sCSPOrganizational.1 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json +App Service,CORS should not allow every resource to access your Web Applications,PV-2,,,,AC-4,3.1.3,0916.09s2Organizational.4 - 09.s,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json +App Service,Diagnostic logs in App Services should be enabled,LT-4,5.3,,,,,1209.09aa3System.2 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json +App Service,Ensure API app has 'Client Certificates (Incoming client certificates)' set to 
'On',PV-2,9.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_ClientCert.json +App Service,Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On',PV-2,9.4,,,,,0915.09s2Organizational.2 - 09.s,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json +App Service,"Ensure that 'HTTP Version' is the latest, if used to run the API app",,9.9,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json +App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Function app",,9.9,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json +App Service,"Ensure that 'HTTP Version' is the latest, if used to run the Web app",,9.9,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json +App Service,FTPS only should be required in your API App,DP-4,9.10,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json +App Service,FTPS only should be required in your Function App,DP-4,9.10,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json +App Service,FTPS should be required in your Web App,DP-4,9.10,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json +App Service,Function App should only be accessible over HTTPS,DP-4,,,A.10.1.1,SC-8 (1),3.13.8,0949.09y2Organizational.5 - 
09.y,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json +App Service,Function apps should have 'Client Certificates (Incoming client certificates)' enabled,PV-2,9.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_ClientCert.json +App Service,Latest TLS version should be used in your API App,DP-4,9.3,,,,3.14.1,0949.09y2Organizational.5 - 09.y,CR-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json +App Service,Latest TLS version should be used in your Function App,DP-4,9.3,,,,3.14.1,0949.09y2Organizational.5 - 09.y,CR-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json +App Service,Latest TLS version should be used in your Web App,DP-4,9.3,,,,3.14.1,0949.09y2Organizational.5 - 09.y,CR-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json +App Service,Managed identity should be used in your API App,IM-2,9.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_ApiApp_Audit.json +App Service,Managed identity should be used in your Function App,IM-2,9.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_FunctionApp_Audit.json +App Service,Managed identity should be used in your Web App,IM-2,9.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_WebApp_Audit.json +App Service,Remote debugging should be turned off for API Apps,PV-2,,,,AC-17 
(1),3.1.12,0914.09s1Organizational.6 - 09.s,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json +App Service,Remote debugging should be turned off for Function Apps,PV-2,,,,AC-17 (1),3.1.12,1325.09s1Organizational.3 - 09.s,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json +App Service,Remote debugging should be turned off for Web Applications,PV-2,,,,AC-17 (1),3.1.12,0912.09s1Organizational.4 - 09.s,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json +App Service,Web Application should only be accessible over HTTPS,DP-4,9.2,,A.10.1.1,SC-8 (1),3.13.8,0949.09y2Organizational.5 - 09.y,SS-8,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json +Automation,Automation account variables should be encrypted,DP-5,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json Azure Data Explorer,Azure Data Explorer encryption at rest should use a customer-managed key,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_CMK.json Azure Data Explorer,Disk encryption should be enabled on Azure Data Explorer,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json Azure Data Explorer,Double encryption should be enabled on Azure Data Explorer,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json -Backup,Azure Backup should be enabled for Virtual 
Machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json -Backup,Azure Backup should be enabled for Virtual Machines,,,,,,,ID : 1699.09l1Organizational.10 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json -Backup,Azure Backup should be enabled for Virtual Machines,BR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json +Backup,Azure Backup should be enabled for Virtual Machines,BR-2,,,,,,1699.09l1Organizational.10 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json Cache,Azure Cache for Redis should reside within a virtual network,NS-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_CacheInVnet_Audit.json -Cache,Only secure connections to your Azure Cache for Redis should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json -Cache,Only secure connections to your Azure Cache for Redis should be enabled,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json -Cache,Only secure connections to your Azure Cache for Redis should be enabled,,,,,,,ID : 0946.09y2Organizational.14 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json -Cache,Only secure connections to your Azure Cache for Redis should be enabled,,,,,,3.13.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json -Cache,Only secure connections to your 
Azure Cache for Redis should be enabled,,,,,SC-8 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json -Cache,Only secure connections to your Azure Cache for Redis should be enabled,,,,A.13.2.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json -Cache,Only secure connections to your Azure Cache for Redis should be enabled,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json -Cognitive Services,Cognitive Services accounts should enable data encryption,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_Encryption_Audit.json +Cache,Only secure connections to your Azure Cache for Redis should be enabled,DP-4,,,A.13.2.1,SC-8 (1),3.13.8,0946.09y2Organizational.14 - 09.y,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json Cognitive Services,Cognitive Services accounts should enable data encryption,DP-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_Encryption_Audit.json -Cognitive Services,Cognitive Services accounts should enable data encryption with a customer-managed key,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_CustomerManagedKey_Audit.json Cognitive Services,Cognitive Services accounts should enable data encryption with a customer-managed key,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_CustomerManagedKey_Audit.json -Cognitive Services,Cognitive Services accounts should restrict network 
access,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_NetworkAcls_Audit.json Cognitive Services,Cognitive Services accounts should restrict network access,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_NetworkAcls_Audit.json Cognitive Services,Cognitive Services accounts should use customer owned storage or enable data encryption.,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_BYOX_Audit.json -Cognitive Services,Public network access should be disabled for Cognitive Services accounts,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_DisablePublicNetworkAccess_Audit.json Cognitive Services,Public network access should be disabled for Cognitive Services accounts,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_DisablePublicNetworkAccess_Audit.json -Compute,Audit VMs that do not use managed disks,,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json -Compute,Audit VMs that do not use managed disks,,7.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json -Compute,Audit virtual machines without disaster recovery configured,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json -Compute,Audit virtual machines without disaster recovery 
configured,,,,,,,,ESS-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json -Compute,Audit virtual machines without disaster recovery configured,,,,,,,ID : 1638.12b2Organizational.345 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json -Compute,Audit virtual machines without disaster recovery configured,,,,,CP-7,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json -Compute,Microsoft Antimalware for Azure should be configured to automatically update protection signatures,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json -Compute,Microsoft Antimalware for Azure should be configured to automatically update protection signatures,,,,,,,ID : 0201.09j1Organizational.124 - 09.j,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json -Compute,Microsoft IaaSAntimalware extension should be deployed on Windows servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json -Compute,Microsoft IaaSAntimalware extension should be deployed on Windows servers,,,,,,,,SS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json -Compute,Microsoft IaaSAntimalware extension should be deployed on Windows servers,,,,,,3.14.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json -Compute,Unattached disks should be 
encrypted,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json -Compute,Unattached disks should be encrypted,,,,,,,ID : 0303.09o2Organizational.2 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json -Compute,Unattached disks should be encrypted,,7.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json -Compute,Virtual machines should be migrated to new Azure Resource Manager resources,,,,,,,ID : 0835.09n1Organizational.1 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json -Compute,Virtual machines should be migrated to new Azure Resource Manager resources,,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json -Compute,Virtual machines should be migrated to new Azure Resource Manager resources,AM-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json -Container Registry,Container registries should be encrypted with a customer-managed key,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_CMKEncryptionEnabled_Audit.json +Compute,Audit VMs that do not use managed disks,,7.1,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json +Compute,Audit virtual machines without disaster recovery configured,,,,,CP-7,,1638.12b2Organizational.345 - 12.b,ESS-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json +Compute,Microsoft Antimalware for Azure should be configured 
to automatically update protection signatures,,,,,,,0201.09j1Organizational.124 - 09.j,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json +Compute,Microsoft IaaSAntimalware extension should be deployed on Windows servers,,,,,,3.14.2,,SS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json +Compute,Unattached disks should be encrypted,,7.3,,,,,0303.09o2Organizational.2 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json +Compute,Virtual machines should be migrated to new Azure Resource Manager resources,AM-3,,,A.9.1.2,,,0835.09n1Organizational.1 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json Container Registry,Container registries should be encrypted with a customer-managed key,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_CMKEncryptionEnabled_Audit.json -Container Registry,Container registries should not allow unrestricted network access,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_NetworkRulesExist_Audit.json Container Registry,Container registries should not allow unrestricted network access,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_NetworkRulesExist_Audit.json Container Registry,Container registries should use private link,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_PrivateEndpointEnabled_Audit.json Cosmos DB,Azure Cosmos DB accounts should have firewall 
rules,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesExist_Audit.json Cosmos DB,Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_CMK_Deny.json -Data Lake,Require encryption on Data Lake Store accounts,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json -Data Lake,Require encryption on Data Lake Store accounts,,,,,,,ID : 0304.09o3Organizational.1 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json +Data Lake,Require encryption on Data Lake Store accounts,,,,,,,0304.09o3Organizational.1 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json Event Grid,Azure Event Grid domains should use private link,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Domains_PrivateEndpoint_Audit.json Event Grid,Azure Event Grid topics should use private link,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Topics_PrivateEndpoint_Audit.json -General,Audit usage of custom RBAC rules,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json -General,Audit usage of custom RBAC rules,,,,,,,ID : 1230.09c2Organizational.1 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json -General,Audit usage of custom RBAC rules,,,,,AC-2 
(7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json -General,Audit usage of custom RBAC rules,,,,A.9.2.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json -General,Audit usage of custom RBAC rules,PA-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json -General,Custom subscription owner roles should not exist,,,,,,,ID : 1278.09c2Organizational.56 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json -General,Custom subscription owner roles should not exist,,1.21,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json -General,Custom subscription owner roles should not exist,PA-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json -Key Vault,Azure Key Vault Managed HSM should have purge protection enabled,,,,,,,ID : 1635.12b1Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_Recoverable_Audit.json -Key Vault,Key vaults should have purge protection enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json -Key Vault,Key vaults should have purge protection enabled,,,,,,,ID : 1635.12b1Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json -Key Vault,Key vaults should have purge protection 
enabled,,8.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json -Key Vault,Key vaults should have purge protection enabled,BR-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json -Key Vault,Key vaults should have soft delete enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_SoftDeleteMustBeEnabled_Audit.json +General,Audit usage of custom RBAC rules,PA-7,,,A.9.2.3,AC-2 (7),,1230.09c2Organizational.1 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json +General,Custom subscription owner roles should not exist,PA-7,1.21,,,,,1278.09c2Organizational.56 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json +Key Vault,Azure Key Vault Managed HSM should have purge protection enabled,,,,,,,1635.12b1Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_Recoverable_Audit.json +Key Vault,Key vaults should have purge protection enabled,BR-4,8.4,,,,,1635.12b1Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json Key Vault,Key vaults should have soft delete enabled,BR-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_SoftDeleteMustBeEnabled_Audit.json -Key Vault,[Preview]: Firewall should be enabled on Key Vault,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultFirewallEnabled_Audit.json Key Vault,[Preview]: Firewall should be enabled on Key 
Vault,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultFirewallEnabled_Audit.json -Key Vault,[Preview]: Key Vault keys should have an expiration date,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_ExpirationSet.json Key Vault,[Preview]: Key Vault keys should have an expiration date,,8.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_ExpirationSet.json Key Vault,[Preview]: Key Vault secrets should have an expiration date,,8.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Secrets_ExpirationSet.json Key Vault,[Preview]: Private endpoint should be configured for Key Vault,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultPrivateEndpointEnabled_Audit.json 
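Review bot: The merged rows in this hunk silently change the HIPAA HITRUST column format by dropping the "ID : " prefix (the Backup row goes from "ID : 1699.09l1Organizational.10 - 09.l" to "1699.09l1Organizational.10 - 09.l", and every other merged HITRUST value follows suit); anything that parses this CSV downstream will see different values, so the change should be called out in the PR description rather than left implicit in an "Update table files" commit. Spot-checking the merges against the removed per-framework rows shows no mapping lost (Redis secure connections: DP-4, A.13.2.1, SC-8 (1), 3.13.8, 0946.09y2Organizational.14 - 09.y, DM-6; custom RBAC rules: PA-7, A.9.2.3, AC-2 (7), 1230.09c2Organizational.1 - 09.c; disaster recovery: CP-7, 1638.12b2Organizational.345 - 12.b, ESS-3), but with one row now carrying every framework, a count of distinct policy links before and after would make that verifiable instead of eyeballed. Two merged rows are worth a second look: "Function App should only be accessible over HTTPS" has no CIS value while the sibling "Web Application should only be accessible over HTTPS" row carries 9.2, and the WEB app client-certificate row carries 0915.09s2Organizational.2 - 09.s while the Function app client-certificate row has no HITRUST mapping; if those gaps are faithful to the source mappings, fine, but confirm they are not an artifact of the merge.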
@@ -186,413 +69,133 @@ Kubernetes,Azure Policy Add-on for Kubernetes service (AKS) should be installed Kubernetes,Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_CMK_Deny.json Machine Learning,Azure Machine Learning workspaces should be encrypted with a customer-managed key,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_CMKEnabled_Audit.json Machine Learning,Azure Machine Learning workspaces should use private link,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_PrivateLinkEnabled_Audit.json -Monitoring,Activity log should be retained for at least one year,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLogRetention_365orGreater.json Monitoring,Activity log should be retained for at least one year,,,,,,,,AC-15,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLogRetention_365orGreater.json -Monitoring,"Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllCategories.json -Monitoring,"Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",,,,,,,ID : 1219.09ab3System.10 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllCategories.json -Monitoring,Azure Monitor should collect activity logs from all 
regions,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllRegions.json -Monitoring,Azure Monitor should collect activity logs from all regions,,,,,,,ID : 1214.09ab2System.3456 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllRegions.json -Monitoring,Azure subscriptions should have a log profile for Activity Log,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Logprofile_activityLogs_Audit.json +Monitoring,"Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'",,,,,,,1219.09ab3System.10 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllCategories.json +Monitoring,Azure Monitor should collect activity logs from all regions,,,,,,,1214.09ab2System.3456 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllRegions.json Monitoring,Azure subscriptions should have a log profile for Activity Log,,,,,,,,AC-13,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Logprofile_activityLogs_Audit.json Monitoring,Storage account containing the container with activity logs must be encrypted with BYOK,,5.1.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_StorageAccountBYOK_Audit.json -Monitoring,The Log Analytics agent should be installed on Virtual Machine Scale Sets,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json -Monitoring,The Log Analytics agent should be installed on Virtual Machine Scale Sets,,,,,,,ID : 1216.09ab3System.12 - 
09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json -Monitoring,The Log Analytics agent should be installed on Virtual Machine Scale Sets,,,,,,3.3.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json -Monitoring,The Log Analytics agent should be installed on virtual machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json -Monitoring,The Log Analytics agent should be installed on virtual machines,,,,,,,ID : 1215.09ab2System.7 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json -Monitoring,The Log Analytics agent should be installed on virtual machines,,,,,,3.3.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json +Monitoring,The Log Analytics agent should be installed on Virtual Machine Scale Sets,,,,,,3.3.2,1216.09ab3System.12 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json +Monitoring,The Log Analytics agent should be installed on virtual machines,,,,,,3.3.2,1215.09ab2System.7 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json Monitoring,[Preview]: Log Analytics agent should be installed on your Linux Azure Arc machines,LT-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Linux_LogAnalytics_Audit.json Monitoring,[Preview]: Log Analytics agent should be installed on your Windows Azure Arc 
machines,LT-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Windows_LogAnalytics_Audit.json -Monitoring,[Preview]: Network traffic data collection agent should be installed on Linux virtual machines,,,,,,,ID : 0885.09n2Organizational.3 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Linux.json -Monitoring,[Preview]: Network traffic data collection agent should be installed on Linux virtual machines,LT-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Linux.json -Monitoring,[Preview]: Network traffic data collection agent should be installed on Windows virtual machines,,,,,,,ID : 0887.09n2Organizational.5 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Windows.json -Monitoring,[Preview]: Network traffic data collection agent should be installed on Windows virtual machines,LT-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Windows.json -Network,App Service should use a virtual network service endpoint,,,,,,,ID : 0861.09m2Organizational.67 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_AppService_AuditIfNotExists.json -Network,Cosmos DB should use a virtual network service endpoint,,,,,,,ID : 0864.09m2Organizational.12 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_CosmosDB_Audit.json -Network,Event Hub should use a virtual network service endpoint,,,,,,,ID : 0863.09m2Organizational.910 - 
09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_EventHub_AuditIfNotExists.json +Monitoring,[Preview]: Network traffic data collection agent should be installed on Linux virtual machines,LT-3,,,,,,0885.09n2Organizational.3 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Linux.json +Monitoring,[Preview]: Network traffic data collection agent should be installed on Windows virtual machines,LT-3,,,,,,0887.09n2Organizational.5 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Windows.json +Network,App Service should use a virtual network service endpoint,,,,,,,0861.09m2Organizational.67 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_AppService_AuditIfNotExists.json +Network,Cosmos DB should use a virtual network service endpoint,,,,,,,0864.09m2Organizational.12 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_CosmosDB_Audit.json +Network,Event Hub should use a virtual network service endpoint,,,,,,,0863.09m2Organizational.910 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_EventHub_AuditIfNotExists.json Network,Flow log should be configured for every network security group,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_FlowLog_Audit.json -Network,Gateway subnets should not be configured with a network security group,,,,,,,ID : 0894.01m2Organizational.7 - 01.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroupOnGatewaySubnet_Deny.json 
-Network,Key Vault should use a virtual network service endpoint,,,,,,,ID : 0865.09m2Organizational.13 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_KeyVault_Audit.json -Network,RDP access from the Internet should be blocked,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json -Network,RDP access from the Internet should be blocked,,6.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json -Network,RDP access from the Internet should be blocked,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json -Network,SQL Server should use a virtual network service endpoint,,,,,,,ID : 0862.09m2Organizational.8 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_SQLServer_AuditIfNotExists.json -Network,SSH access from the Internet should be blocked,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json -Network,SSH access from the Internet should be blocked,,6.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json -Network,SSH access from the Internet should be blocked,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json -Network,Service Bus should use a virtual network service endpoint,,,,,,,ID : 0860.09m1Organizational.9 - 
09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ServiceBus_AuditIfNotExists.json -Network,Storage Accounts should use a virtual network service endpoint,,,,,,,ID : 0867.09m3Organizational.17 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_StorageAccount_Audit.json -Network,Web Application Firewall (WAF) should be enabled for Application Gateway,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json -Network,Web Application Firewall (WAF) should be enabled for Application Gateway,,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json -Network,Web Application Firewall (WAF) should be enabled for Application Gateway,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json -Network,Web Application Firewall (WAF) should be enabled for Azure Front Door Service service,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json -Network,Web Application Firewall (WAF) should be enabled for Azure Front Door Service service,,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json -Network,Web Application Firewall (WAF) should be enabled for Azure Front Door Service service,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json -Network,[Preview]: All Internet traffic should be routed via your deployed Azure 
Firewall,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json -Network,[Preview]: All Internet traffic should be routed via your deployed Azure Firewall,,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json -Network,[Preview]: All Internet traffic should be routed via your deployed Azure Firewall,NS-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json -Network,[Preview]: Container Registry should use a virtual network service endpoint,,,,,,,ID : 0871.09m3Organizational.22 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ContainerRegistry_Audit.json -SQL,Advanced data security should be enabled on SQL Managed Instance,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on SQL Managed Instance,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on SQL Managed Instance,,,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on SQL Managed Instance,,,,,SI-4,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on SQL Managed 
Instance,,4.2.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on SQL Managed Instance,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on your SQL servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on your SQL servers,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on your SQL servers,,,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on your SQL servers,,,,,SI-4,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json -SQL,Advanced data security should be enabled on your SQL servers,,4.2.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json -SQL,An Azure Active Directory administrator should be provisioned for SQL servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json -SQL,An Azure Active Directory administrator should be provisioned for SQL servers,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json -SQL,An Azure Active Directory administrator should be provisioned for SQL servers,,,,,AC-2 
(7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json -SQL,An Azure Active Directory administrator should be provisioned for SQL servers,,,,A.9.2.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json -SQL,An Azure Active Directory administrator should be provisioned for SQL servers,,4.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json -SQL,An Azure Active Directory administrator should be provisioned for SQL servers,IM-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json +Network,Gateway subnets should not be configured with a network security group,,,,,,,0894.01m2Organizational.7 - 01.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroupOnGatewaySubnet_Deny.json +Network,Key Vault should use a virtual network service endpoint,,,,,,,0865.09m2Organizational.13 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_KeyVault_Audit.json +Network,RDP access from the Internet should be blocked,NS-4,6.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json +Network,SQL Server should use a virtual network service endpoint,,,,,,,0862.09m2Organizational.8 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_SQLServer_AuditIfNotExists.json +Network,SSH access from the Internet should be blocked,NS-4,6.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json 
+Network,Service Bus should use a virtual network service endpoint,,,,,,,0860.09m1Organizational.9 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ServiceBus_AuditIfNotExists.json +Network,Storage Accounts should use a virtual network service endpoint,,,,,,,0867.09m3Organizational.17 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_StorageAccount_Audit.json +Network,Web Application Firewall (WAF) should be enabled for Application Gateway,NS-4,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json +Network,Web Application Firewall (WAF) should be enabled for Azure Front Door Service service,NS-4,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json +Network,[Preview]: All Internet traffic should be routed via your deployed Azure Firewall,NS-5,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json +Network,[Preview]: Container Registry should use a virtual network service endpoint,,,,,,,0871.09m3Organizational.22 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ContainerRegistry_Audit.json +SQL,Advanced data security should be enabled on SQL Managed Instance,IR-5,4.2.1,,,SI-4,3.14.6,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json +SQL,Advanced data security should be enabled on your SQL servers,,4.2.1,,,SI-4,3.14.6,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json 
+SQL,An Azure Active Directory administrator should be provisioned for SQL servers,IM-1,4.4,,A.9.2.3,AC-2 (7),,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json SQL,Bring your own key data protection should be enabled for MySQL servers,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableByok_Audit.json SQL,Bring your own key data protection should be enabled for PostgreSQL servers,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableByok_Audit.json SQL,Connection throttling should be enabled for PostgreSQL database servers,,4.3.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_ConnectionThrottling_Enabled_Audit.json SQL,Disconnections should be logged for PostgreSQL database servers.,,4.3.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogDisconnections_Audit.json -SQL,Enforce SSL connection should be enabled for MySQL database servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json -SQL,Enforce SSL connection should be enabled for MySQL database servers,,,,,,,ID : 0948.09y2Organizational.3 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json -SQL,Enforce SSL connection should be enabled for MySQL database servers,,4.3.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json -SQL,Enforce SSL connection should be enabled for MySQL database servers,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json -SQL,Enforce SSL connection should be enabled 
for PostgreSQL database servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json -SQL,Enforce SSL connection should be enabled for PostgreSQL database servers,,,,,,,ID : 0947.09y2Organizational.2 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json -SQL,Enforce SSL connection should be enabled for PostgreSQL database servers,,4.3.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json -SQL,Enforce SSL connection should be enabled for PostgreSQL database servers,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for MariaDB,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for MariaDB,,,,,,,ID : 1627.09l3Organizational.6 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for MariaDB,BR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for MySQL,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for MySQL,,,,,,,ID : 1622.09l2Organizational.23 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json -SQL,Geo-redundant backup should be enabled 
for Azure Database for MySQL,BR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for PostgreSQL,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for PostgreSQL,,,,,,,ID : 1626.09l3Organizational.5 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json -SQL,Geo-redundant backup should be enabled for Azure Database for PostgreSQL,BR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json +SQL,Enforce SSL connection should be enabled for MySQL database servers,DP-4,4.3.1,,,,,0948.09y2Organizational.3 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json +SQL,Enforce SSL connection should be enabled for PostgreSQL database servers,DP-4,4.3.2,,,,,0947.09y2Organizational.2 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json +SQL,Geo-redundant backup should be enabled for Azure Database for MariaDB,BR-2,,,,,,1627.09l3Organizational.6 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json +SQL,Geo-redundant backup should be enabled for Azure Database for MySQL,BR-2,,,,,,1622.09l2Organizational.23 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json +SQL,Geo-redundant backup should be enabled for Azure Database for PostgreSQL,BR-2,,,,,,1626.09l3Organizational.5 - 
09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json SQL,Infrastructure encryption should be enabled for Azure Database for MySQL servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_InfrastructureEncryption_Audit.json SQL,Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_InfrastructureEncryption_Audit.json SQL,Log checkpoints should be enabled for PostgreSQL database servers,,4.3.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogCheckpoint_Audit.json SQL,Log connections should be enabled for PostgreSQL database servers,,4.3.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogConnections_Audit.json -SQL,Long-term geo-redundant backup should be enabled for Azure SQL Databases,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json -SQL,Long-term geo-redundant backup should be enabled for Azure SQL Databases,,,,,,,ID : 1621.09l2Organizational.1 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json -SQL,Long-term geo-redundant backup should be enabled for Azure SQL Databases,BR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json +SQL,Long-term geo-redundant backup should be enabled for Azure SQL Databases,BR-2,,,,,,1621.09l2Organizational.1 - 09.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json 
SQL,Private endpoint connections on Azure SQL Database should be enabled,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PrivateEndpoint_Audit.json SQL,Private endpoint should be enabled for MariaDB servers,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_EnablePrivateEndPoint_Audit.json SQL,Private endpoint should be enabled for MySQL servers,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnablePrivateEndPoint_Audit.json SQL,Private endpoint should be enabled for PostgreSQL servers,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnablePrivateEndPoint_Audit.json -SQL,Public network access on Azure SQL Database should be disabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PublicNetworkAccess_Audit.json SQL,Public network access on Azure SQL Database should be disabled,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PublicNetworkAccess_Audit.json -SQL,Public network access should be disabled for MariaDB servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_DisablePublicNetworkAccess_Audit.json SQL,Public network access should be disabled for MariaDB servers,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_DisablePublicNetworkAccess_Audit.json SQL,Public network access should be disabled for MySQL flexible servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json -SQL,Public network access should be disabled for MySQL 
servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_DisablePublicNetworkAccess_Audit.json SQL,Public network access should be disabled for MySQL servers,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_DisablePublicNetworkAccess_Audit.json SQL,Public network access should be disabled for PostgreSQL flexible servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json -SQL,Public network access should be disabled for PostgreSQL servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_DisablePublicNetworkAccess_Audit.json SQL,Public network access should be disabled for PostgreSQL servers,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_DisablePublicNetworkAccess_Audit.json -SQL,SQL managed instances should use customer-managed keys to encrypt data at rest,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json -SQL,SQL managed instances should use customer-managed keys to encrypt data at rest,,,,,,,ID : 0304.09o3Organizational.1 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json -SQL,SQL managed instances should use customer-managed keys to encrypt data at rest,,4.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json -SQL,SQL managed instances should use customer-managed keys to encrypt data at 
rest,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json +SQL,SQL managed instances should use customer-managed keys to encrypt data at rest,DP-5,4.5,,,,,0304.09o3Organizational.1 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json SQL,SQL servers should be configured with 90 days auditing retention or higher,,4.1.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditingRetentionDays_Audit.json -SQL,SQL servers should use customer-managed keys to encrypt data at rest,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json -SQL,SQL servers should use customer-managed keys to encrypt data at rest,,,,,,,ID : 0304.09o3Organizational.1 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json -SQL,SQL servers should use customer-managed keys to encrypt data at rest,,4.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json -SQL,SQL servers should use customer-managed keys to encrypt data at rest,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json -SQL,Transparent Data Encryption on SQL databases should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Transparent Data Encryption on SQL databases should be 
enabled,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Transparent Data Encryption on SQL databases should be enabled,,,,,,,ID : 0301.09o1Organizational.123 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Transparent Data Encryption on SQL databases should be enabled,,,,,,3.13.16,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Transparent Data Encryption on SQL databases should be enabled,,,,,SC-28 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Transparent Data Encryption on SQL databases should be enabled,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Transparent Data Encryption on SQL databases should be enabled,,4.1.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Transparent Data Encryption on SQL databases should be enabled,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json -SQL,Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json -SQL,Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json -SQL,Vulnerability Assessment settings for SQL server should contain an email address to receive scan 
reports,,4.2.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json -SQL,Vulnerability assessment should be enabled on SQL Managed Instance,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json -SQL,Vulnerability assessment should be enabled on SQL Managed Instance,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json -SQL,Vulnerability assessment should be enabled on SQL Managed Instance,,,,,,,ID : 0719.10m3Organizational.5 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json -SQL,Vulnerability assessment should be enabled on SQL Managed Instance,,4.2.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json -SQL,Vulnerability assessment should be enabled on SQL Managed Instance,PV-6,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json -SQL,Vulnerability assessment should be enabled on your SQL servers,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json -SQL,Vulnerability assessment should be enabled on your SQL servers,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json -SQL,Vulnerability assessment should be enabled on your SQL servers,,,,,,,ID : 0709.10m1Organizational.1 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json 
-SQL,Vulnerability assessment should be enabled on your SQL servers,,4.2.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json -SQL,Vulnerability assessment should be enabled on your SQL servers,PV-6,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json -Security Center,A maximum of 3 owners should be designated for your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json -Security Center,A maximum of 3 owners should be designated for your subscription,,,,,,,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json -Security Center,A maximum of 3 owners should be designated for your subscription,,,,,,,ID : 11112.01q2Organizational.67 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json -Security Center,A maximum of 3 owners should be designated for your subscription,,,,,,3.1.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json -Security Center,A maximum of 3 owners should be designated for your subscription,,,,,AC-6 (7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json -Security Center,A maximum of 3 owners should be designated for your subscription,,,,A.6.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json -Security Center,A maximum of 3 owners should be designated for your 
subscription,PA-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json -Security Center,A vulnerability assessment solution should be enabled on your virtual machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json -Security Center,A vulnerability assessment solution should be enabled on your virtual machines,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json -Security Center,A vulnerability assessment solution should be enabled on your virtual machines,,,,,,,ID : 0711.10m2Organizational.23 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json -Security Center,A vulnerability assessment solution should be enabled on your virtual machines,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json -Security Center,A vulnerability assessment solution should be enabled on your virtual machines,,,,,SI-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json -Security Center,A vulnerability assessment solution should be enabled on your virtual machines,,,,A.12.6.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json -Security Center,A vulnerability assessment solution should be enabled on your virtual 
machines,PV-6,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json -Security Center,Adaptive application controls for defining safe applications should be enabled on your machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json -Security Center,Adaptive application controls for defining safe applications should be enabled on your machines,,,,,,,,SS-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json -Security Center,Adaptive application controls for defining safe applications should be enabled on your machines,,,,,,,ID : 0607.10h2System.23 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json -Security Center,Adaptive application controls for defining safe applications should be enabled on your machines,,,,,,3.4.9,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json -Security Center,Adaptive application controls for defining safe applications should be enabled on your machines,,,,,CM-11,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json -Security Center,Adaptive application controls for defining safe applications should be enabled on your machines,,,,A.12.6.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json -Security Center,Adaptive application controls for defining safe applications should be enabled on your 
machines,AM-6,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json -Security Center,Adaptive network hardening recommendations should be applied on internet facing virtual machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json -Security Center,Adaptive network hardening recommendations should be applied on internet facing virtual machines,,,,,,,,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json -Security Center,Adaptive network hardening recommendations should be applied on internet facing virtual machines,,,,,,,ID : 0859.09m1Organizational.78 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json -Security Center,Adaptive network hardening recommendations should be applied on internet facing virtual machines,,,,,,3.13.5,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json -Security Center,Adaptive network hardening recommendations should be applied on internet facing virtual machines,,,,,SC-7,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json -Security Center,Adaptive network hardening recommendations should be applied on internet facing virtual machines,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json -Security Center,All network ports should be restricted on network security groups associated to your virtual 
machine,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json -Security Center,All network ports should be restricted on network security groups associated to your virtual machine,,,,,,,ID : 0858.09m1Organizational.4 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json -Security Center,All network ports should be restricted on network security groups associated to your virtual machine,,,,,,3.13.5,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json -Security Center,All network ports should be restricted on network security groups associated to your virtual machine,,,,,SC-7,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json -Security Center,All network ports should be restricted on network security groups associated to your virtual machine,,,,A.13.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json +SQL,SQL servers should use customer-managed keys to encrypt data at rest,DP-5,4.5,,,,,0304.09o3Organizational.1 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json +SQL,Transparent Data Encryption on SQL databases should be enabled,DP-5,4.1.2,,A.10.1.1,SC-28 (1),3.13.16,0301.09o1Organizational.123 - 09.o,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json +SQL,Vulnerability Assessment settings for SQL server should contain an email address to receive scan 
reports,,4.2.4,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json +SQL,Vulnerability assessment should be enabled on SQL Managed Instance,PV-6,4.2.2,,,,,0719.10m3Organizational.5 - 10.m,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json +SQL,Vulnerability assessment should be enabled on your SQL servers,PV-6,4.2.2,,,,,0709.10m1Organizational.1 - 10.m,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json +Security Center,A maximum of 3 owners should be designated for your subscription,PA-1,,,A.6.1.2,AC-6 (7),3.1.4,11112.01q2Organizational.67 - 01.q,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json +Security Center,A vulnerability assessment solution should be enabled on your virtual machines,PV-6,,,A.12.6.1,SI-2,3.14.1,0711.10m2Organizational.23 - 10.m,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json +Security Center,Adaptive application controls for defining safe applications should be enabled on your machines,AM-6,,,A.12.6.2,CM-11,3.4.9,0607.10h2System.23 - 10.h,SS-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json +Security Center,Adaptive network hardening recommendations should be applied on internet facing virtual machines,NS-4,,,,SC-7,3.13.5,0859.09m1Organizational.78 - 09.m,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json +Security Center,All network ports should be restricted on 
network security groups associated to your virtual machine,,,,A.13.1.1,SC-7,3.13.5,0858.09m1Organizational.4 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json Security Center,Allowlist rules in your adaptive application control policy should be updated,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControlsUpdate_Audit.json Security Center,Authorized IP ranges should be defined on Kubernetes Services,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableIpRanges_KubernetesService_Audit.json -Security Center,Auto provisioning of the Log Analytics agent should be enabled on your subscription,,,,,,,ID : 1220.09ab3System.56 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json -Security Center,Auto provisioning of the Log Analytics agent should be enabled on your subscription,,2.11,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json -Security Center,Auto provisioning of the Log Analytics agent should be enabled on your subscription,LT-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json -Security Center,Azure DDoS Protection Standard should be enabled,,,,,,,,NS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json -Security Center,Azure DDoS Protection Standard should be 
enabled,,,,,SC-5,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json -Security Center,Azure DDoS Protection Standard should be enabled,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json -Security Center,Azure Defender for App Service should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json -Security Center,Azure Defender for App Service should be enabled,,2.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json -Security Center,Azure Defender for App Service should be enabled,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json -Security Center,Azure Defender for Azure SQL Database servers should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json -Security Center,Azure Defender for Azure SQL Database servers should be enabled,,2.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json -Security Center,Azure Defender for Azure SQL Database servers should be enabled,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json -Security Center,Azure Defender for Key Vault should be 
enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json -Security Center,Azure Defender for Key Vault should be enabled,,2.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json -Security Center,Azure Defender for Key Vault should be enabled,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json -Security Center,Azure Defender for Kubernetes should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json -Security Center,Azure Defender for Kubernetes should be enabled,,2.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json -Security Center,Azure Defender for Kubernetes should be enabled,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json -Security Center,Azure Defender for SQL servers on machines should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json -Security Center,Azure Defender for SQL servers on machines should be enabled,,2.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json -Security Center,Azure Defender for SQL servers on machines should be 
enabled,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json -Security Center,Azure Defender for Storage should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json -Security Center,Azure Defender for Storage should be enabled,,2.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json -Security Center,Azure Defender for Storage should be enabled,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json -Security Center,Azure Defender for container registries should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json -Security Center,Azure Defender for container registries should be enabled,,2.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json -Security Center,Azure Defender for container registries should be enabled,IR-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json -Security Center,Azure Defender for servers should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json -Security Center,Azure Defender for servers should be 
enabled,,2.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json -Security Center,Azure Defender for servers should be enabled,ES-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json -Security Center,Deprecated accounts should be removed from your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json -Security Center,Deprecated accounts should be removed from your subscription,,,,,,,,AC-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json -Security Center,Deprecated accounts should be removed from your subscription,,,,,,3.1.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json -Security Center,Deprecated accounts should be removed from your subscription,,,,,AC-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json -Security Center,Deprecated accounts should be removed from your subscription,,,,A.9.2.6,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json -Security Center,Deprecated accounts should be removed from your subscription,PA-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json -Security Center,Deprecated accounts with owner permissions should be removed from your 
subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json -Security Center,Deprecated accounts with owner permissions should be removed from your subscription,,,,,,,,AC-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json -Security Center,Deprecated accounts with owner permissions should be removed from your subscription,,,,,,,ID : 1147.01c2System.456 - 01.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json -Security Center,Deprecated accounts with owner permissions should be removed from your subscription,,,,,,3.1.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json -Security Center,Deprecated accounts with owner permissions should be removed from your subscription,,,,,AC-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json -Security Center,Deprecated accounts with owner permissions should be removed from your subscription,,,,A.9.2.6,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json -Security Center,Deprecated accounts with owner permissions should be removed from your subscription,PA-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json -Security Center,Disk encryption should be applied on virtual 
machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Disk encryption should be applied on virtual machines,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Disk encryption should be applied on virtual machines,,,,,,,ID : 0302.09o2Organizational.1 - 09.o,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Disk encryption should be applied on virtual machines,,,,,,3.13.16,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Disk encryption should be applied on virtual machines,,,,,SC-28 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Disk encryption should be applied on virtual machines,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Disk encryption should be applied on virtual machines,,7.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Disk encryption should be applied on virtual machines,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json -Security Center,Email notification for high severity alerts should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json -Security Center,Email 
notification for high severity alerts should be enabled,,2.14,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json -Security Center,Email notification for high severity alerts should be enabled,IR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json -Security Center,Email notification to subscription owner for high severity alerts should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json -Security Center,Email notification to subscription owner for high severity alerts should be enabled,,,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json -Security Center,Email notification to subscription owner for high severity alerts should be enabled,IR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json -Security Center,Endpoint protection solution should be installed on virtual machine scale sets,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json -Security Center,Endpoint protection solution should be installed on virtual machine scale sets,,,,,,,,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json -Security Center,Endpoint protection solution should be installed on virtual machine scale sets,,,,,,,ID : 0201.09j1Organizational.124 - 
09.j,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json -Security Center,Endpoint protection solution should be installed on virtual machine scale sets,,,,,,3.14.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json -Security Center,Endpoint protection solution should be installed on virtual machine scale sets,,,,,SI-3 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json -Security Center,Endpoint protection solution should be installed on virtual machine scale sets,ES-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json -Security Center,External accounts with owner permissions should be removed from your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with owner permissions should be removed from your subscription,,,,,,,,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with owner permissions should be removed from your subscription,,,,,,,ID : 1146.01c2System.23 - 01.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with owner permissions should be removed from your 
subscription,,,,,,3.1.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with owner permissions should be removed from your subscription,,,,,AC-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with owner permissions should be removed from your subscription,,,,A.9.2.5,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with owner permissions should be removed from your subscription,,1.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with owner permissions should be removed from your subscription,PA-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json -Security Center,External accounts with read permissions should be removed from your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json -Security Center,External accounts with read permissions should be removed from your subscription,,,,,,3.1.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json -Security Center,External accounts with read permissions should be removed from your 
subscription,,,,,AC-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json -Security Center,External accounts with read permissions should be removed from your subscription,,1.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json -Security Center,External accounts with read permissions should be removed from your subscription,PA-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json -Security Center,External accounts with write permissions should be removed from your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json -Security Center,External accounts with write permissions should be removed from your subscription,,,,,,,,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json -Security Center,External accounts with write permissions should be removed from your subscription,,,,,,3.1.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json -Security Center,External accounts with write permissions should be removed from your subscription,,,,,AC-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json -Security Center,External accounts with write permissions should be removed from your 
subscription,,,,A.9.2.5,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json -Security Center,External accounts with write permissions should be removed from your subscription,,1.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json -Security Center,External accounts with write permissions should be removed from your subscription,PA-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json +Security Center,Auto provisioning of the Log Analytics agent should be enabled on your subscription,LT-5,2.11,,,,,1220.09ab3System.56 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json +Security Center,Azure DDoS Protection Standard should be enabled,NS-4,,,,SC-5,,,NS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json +Security Center,Azure Defender for App Service should be enabled,IR-5,2.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json +Security Center,Azure Defender for Azure SQL Database servers should be enabled,IR-5,2.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json +Security Center,Azure Defender for Key Vault should be enabled,IR-5,2.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json 
+Security Center,Azure Defender for Kubernetes should be enabled,IR-5,2.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json +Security Center,Azure Defender for SQL servers on machines should be enabled,IR-5,2.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json +Security Center,Azure Defender for Storage should be enabled,IR-5,2.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json +Security Center,Azure Defender for container registries should be enabled,IR-5,2.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json +Security Center,Azure Defender for servers should be enabled,ES-1,2.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json +Security Center,Deprecated accounts should be removed from your subscription,PA-3,,,A.9.2.6,AC-2,3.1.1,,AC-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json +Security Center,Deprecated accounts with owner permissions should be removed from your subscription,PA-3,,,A.9.2.6,AC-2,3.1.1,1147.01c2System.456 - 01.c,AC-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json +Security Center,Disk encryption should be applied on virtual machines,DP-5,7.2,,A.10.1.1,SC-28 (1),3.13.16,0302.09o2Organizational.1 - 
09.o,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json +Security Center,Email notification for high severity alerts should be enabled,IR-2,2.14,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json +Security Center,Email notification to subscription owner for high severity alerts should be enabled,IR-2,,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json +Security Center,Endpoint protection solution should be installed on virtual machine scale sets,ES-3,,,,SI-3 (1),3.14.2,0201.09j1Organizational.124 - 09.j,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json +Security Center,External accounts with owner permissions should be removed from your subscription,PA-3,1.3,,A.9.2.5,AC-2,3.1.1,1146.01c2System.23 - 01.c,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json +Security Center,External accounts with read permissions should be removed from your subscription,PA-3,1.3,,,AC-2,3.1.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json +Security Center,External accounts with write permissions should be removed from your subscription,PA-3,1.3,,A.9.2.5,AC-2,3.1.1,,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json Security Center,Guest Configuration extension should be installed on your 
machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVm.json Security Center,IP Forwarding on your virtual machine should be disabled,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_IPForwardingOnVirtualMachines_Audit.json -Security Center,Internet-facing virtual machines should be protected with network security groups,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json -Security Center,Internet-facing virtual machines should be protected with network security groups,,,,,,,,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json -Security Center,Internet-facing virtual machines should be protected with network security groups,,,,,,,ID : 0814.01n1Organizational.12 - 01.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json -Security Center,Internet-facing virtual machines should be protected with network security groups,,,,,,3.13.5,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json -Security Center,Internet-facing virtual machines should be protected with network security groups,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json -Security Center,Kubernetes Services should be upgraded to a non-vulnerable Kubernetes 
version,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json -Security Center,Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json -Security Center,Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version,PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json +Security Center,Internet-facing virtual machines should be protected with network security groups,NS-4,,,,,3.13.5,0814.01n1Organizational.12 - 01.n,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json +Security Center,Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version,PV-7,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json Security Center,Log Analytics agent health issues should be resolved on your machines,LT-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ResolveLaHealthIssues.json Security Center,Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring,LT-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVm.json Security Center,Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center 
monitoring,LT-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVmss.json -Security Center,MFA should be enabled accounts with write permissions on your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled accounts with write permissions on your subscription,,,,,,,,AC-17,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled accounts with write permissions on your subscription,,,,,,,ID : 11110.01q1Organizational.6 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled accounts with write permissions on your subscription,,,,,,3.5.3,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled accounts with write permissions on your subscription,,,,,IA-2 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled accounts with write permissions on your subscription,,,,A.9.4.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled accounts with write permissions on your subscription,,1.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled 
accounts with write permissions on your subscription,IM-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your subscription,,,,,,,,AC-17,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your subscription,,,,,,,ID : 11109.01q1Organizational.57 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your subscription,,,,,,3.5.3,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your subscription,,,,,IA-2 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your subscription,,,,A.9.4.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your 
subscription,,1.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with owner permissions on your subscription,IM-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json -Security Center,MFA should be enabled on accounts with read permissions on your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,MFA should be enabled on accounts with read permissions on your subscription,,,,,,,,AC-17,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,MFA should be enabled on accounts with read permissions on your subscription,,,,,,,ID : 11111.01q2System.4 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,MFA should be enabled on accounts with read permissions on your subscription,,,,,,3.5.3,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,MFA should be enabled on accounts with read permissions on your subscription,,,,,IA-2 (2),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,MFA should be enabled on accounts with read permissions on your subscription,,,,A.9.4.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,MFA 
should be enabled on accounts with read permissions on your subscription,,1.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,MFA should be enabled on accounts with read permissions on your subscription,IM-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json -Security Center,Management ports of virtual machines should be protected with just-in-time network access control,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json -Security Center,Management ports of virtual machines should be protected with just-in-time network access control,,,,,,,,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json -Security Center,Management ports of virtual machines should be protected with just-in-time network access control,,,,,,,ID : 0858.09m1Organizational.4 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json -Security Center,Management ports of virtual machines should be protected with just-in-time network access control,,,,,SC-7 (4) Ownership : Microsoft,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json -Security Center,Management ports of virtual machines should be protected with just-in-time network access control,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json -Security Center,Management ports should be closed on your virtual machines,,,,,,,ID : 1193.01l2Organizational.13 - 
01.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OpenManagementPortsOnVirtualMachines_Audit.json -Security Center,Management ports should be closed on your virtual machines,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OpenManagementPortsOnVirtualMachines_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security Center,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security Center,,,,,,,,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security Center,,,,,,,ID : 0201.09j1Organizational.124 - 09.j,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security Center,,,,,,3.14.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security Center,,,,,SI-3 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security Center,,,,A.12.6.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security 
Center,,7.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json -Security Center,Monitor missing Endpoint Protection in Azure Security Center,ES-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json +Security Center,MFA should be enabled accounts with write permissions on your subscription,IM-4,1.1,,A.9.4.2,IA-2 (1),3.5.3,11110.01q1Organizational.6 - 01.q,AC-17,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json +Security Center,MFA should be enabled on accounts with owner permissions on your subscription,IM-4,1.1,,A.9.4.2,IA-2 (1),3.5.3,11109.01q1Organizational.57 - 01.q,AC-17,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json +Security Center,MFA should be enabled on accounts with read permissions on your subscription,IM-4,1.2,,A.9.4.2,IA-2 (2),3.5.3,11111.01q2System.4 - 01.q,AC-17,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json +Security Center,Management ports of virtual machines should be protected with just-in-time network access control,NS-4,,,,SC-7 (4) Ownership : Microsoft,,0858.09m1Organizational.4 - 09.m,AC-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json +Security Center,Management ports should be closed on your virtual machines,NS-1,,,,,,1193.01l2Organizational.13 - 01.l,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OpenManagementPortsOnVirtualMachines_Audit.json +Security Center,Monitor missing Endpoint Protection in 
Azure Security Center,ES-3,7.6,,A.12.6.1,SI-3 (1),3.14.2,0201.09j1Organizational.124 - 09.j,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json Security Center,Non-internet-facing virtual machines should be protected with network security groups,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternalVirtualMachines_Audit.json -Security Center,Role-Based Access Control (RBAC) should be used on Kubernetes Services,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json -Security Center,Role-Based Access Control (RBAC) should be used on Kubernetes Services,,,,,,,ID : 1229.09c1Organizational.1 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json -Security Center,Role-Based Access Control (RBAC) should be used on Kubernetes Services,,8.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json -Security Center,Role-Based Access Control (RBAC) should be used on Kubernetes Services,PA-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json +Security Center,Role-Based Access Control (RBAC) should be used on Kubernetes Services,PA-7,8.5,,,,,1229.09c1Organizational.1 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json Security Center,Security Center standard pricing tier should be 
selected,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Standard_pricing_tier.json Security Center,Service principals should be used to protect your subscriptions instead of management certificates,IM-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UseServicePrincipalToProtectSubscriptions.json -Security Center,Subnets should be associated with a Network Security Group,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json -Security Center,Subnets should be associated with a Network Security Group,,,,,,,ID : 0814.01n1Organizational.12 - 01.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json -Security Center,Subnets should be associated with a Network Security Group,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json -Security Center,Subscriptions should have a contact email address for security issues,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json -Security Center,Subscriptions should have a contact email address for security issues,,,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json -Security Center,Subscriptions should have a contact email address for security issues,,2.13,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json -Security Center,Subscriptions should have a contact email address for security 
issues,IR-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json -Security Center,System updates on virtual machine scale sets should be installed,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json -Security Center,System updates on virtual machine scale sets should be installed,,,,,,,,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json -Security Center,System updates on virtual machine scale sets should be installed,,,,,,,ID : 1202.09aa1System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json -Security Center,System updates on virtual machine scale sets should be installed,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json -Security Center,System updates on virtual machine scale sets should be installed,,,,,SI-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json -Security Center,System updates on virtual machine scale sets should be installed,PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your machines,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your 
machines,,,,,,,,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your machines,,,,,,,ID : 0201.09j1Organizational.124 - 09.j,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your machines,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your machines,,,,,SI-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your machines,,,,A.12.6.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your machines,,7.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,System updates should be installed on your machines,PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json -Security Center,There should be more than one owner assigned to your subscription,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json -Security Center,There should be more than one owner assigned to your 
subscription,,,,,,,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json -Security Center,There should be more than one owner assigned to your subscription,,,,,,,ID : 11208.01q1Organizational.8 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json -Security Center,There should be more than one owner assigned to your subscription,,,,,,3.1.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json -Security Center,There should be more than one owner assigned to your subscription,,,,,AC-6 (7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json -Security Center,There should be more than one owner assigned to your subscription,,,,A.6.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json -Security Center,There should be more than one owner assigned to your subscription,PA-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json +Security Center,Subnets should be associated with a Network Security Group,NS-4,,,,,,0814.01n1Organizational.12 - 01.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json +Security Center,Subscriptions should have a contact email address for security issues,IR-2,2.13,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json +Security Center,System updates on virtual machine scale sets should be 
installed,PV-7,,,,SI-2,3.14.1,1202.09aa1System.1 - 09.aa,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json +Security Center,System updates should be installed on your machines,PV-7,7.5,,A.12.6.1,SI-2,3.14.1,0201.09j1Organizational.124 - 09.j,PRS-5,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json +Security Center,There should be more than one owner assigned to your subscription,PA-1,,,A.6.1.2,AC-6 (7),3.1.4,11208.01q1Organizational.8 - 01.q,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json Security Center,Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVmWithNoSAMI.json -Security Center,Vulnerabilities in Azure Container Registry images should be remediated,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerRegistryVulnerabilityAssessment_Audit.json Security Center,Vulnerabilities in Azure Container Registry images should be remediated,PV-6,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerRegistryVulnerabilityAssessment_Audit.json -Security Center,Vulnerabilities in container security configurations should be remediated,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json -Security Center,Vulnerabilities in container security configurations should be 
remediated,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json -Security Center,Vulnerabilities in container security configurations should be remediated,,,,,,,ID : 0715.10m2Organizational.8 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json -Security Center,Vulnerabilities in container security configurations should be remediated,,,,,,3.11.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json -Security Center,Vulnerabilities in container security configurations should be remediated,PV-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json -Security Center,Vulnerabilities in security configuration on your machines should be remediated,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your machines should be remediated,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your machines should be remediated,,,,,,,ID : 0718.10m3Organizational.34 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your machines should be remediated,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on 
your machines should be remediated,,,,,SI-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your machines should be remediated,,,,A.12.6.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your machines should be remediated,PV-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your virtual machine scale sets should be remediated,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your virtual machine scale sets should be remediated,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your virtual machine scale sets should be remediated,,,,,,,ID : 0717.10m3Organizational.2 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your virtual machine scale sets should be remediated,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your virtual machine scale sets should be 
remediated,,,,,SI-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json -Security Center,Vulnerabilities in security configuration on your virtual machine scale sets should be remediated,PV-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json -Security Center,Vulnerabilities on your SQL databases should be remediated,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json -Security Center,Vulnerabilities on your SQL databases should be remediated,,,,,,,,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json -Security Center,Vulnerabilities on your SQL databases should be remediated,,,,,,,ID : 0716.10m3Organizational.1 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json -Security Center,Vulnerabilities on your SQL databases should be remediated,,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json -Security Center,Vulnerabilities on your SQL databases should be remediated,,,,,SI-2,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json -Security Center,Vulnerabilities on your SQL databases should be remediated,,,,A.12.6.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json -Security Center,Vulnerabilities on your SQL databases should be 
remediated,PV-6,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json +Security Center,Vulnerabilities in container security configurations should be remediated,PV-4,,,,,3.11.2,0715.10m2Organizational.8 - 10.m,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json +Security Center,Vulnerabilities in security configuration on your machines should be remediated,PV-4,,,A.12.6.1,SI-2,3.14.1,0718.10m3Organizational.34 - 10.m,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json +Security Center,Vulnerabilities in security configuration on your virtual machine scale sets should be remediated,PV-4,,,,SI-2,3.14.1,0717.10m3Organizational.2 - 10.m,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json +Security Center,Vulnerabilities on your SQL databases should be remediated,PV-6,,,A.12.6.1,SI-2,3.14.1,0716.10m3Organizational.1 - 10.m,ISM-3,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json Security Center,[Preview]: Sensitive data in your SQL databases should be classified,DP-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbDataClassification_Audit.json -Service Fabric,Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json -Service Fabric,Service Fabric clusters should have the ClusterProtectionLevel property set to 
EncryptAndSign,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json -Service Fabric,Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json -Service Fabric,Service Fabric clusters should only use Azure Active Directory for client authentication,,,,,,,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json -Service Fabric,Service Fabric clusters should only use Azure Active Directory for client authentication,,,,,AC-2 (7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json -Service Fabric,Service Fabric clusters should only use Azure Active Directory for client authentication,,,,A.9.2.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json -Service Fabric,Service Fabric clusters should only use Azure Active Directory for client authentication,IM-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json +Service Fabric,Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign,DP-5,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json +Service Fabric,Service Fabric clusters should only use Azure Active Directory for client authentication,IM-1,,,A.9.2.3,AC-2 
(7),,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json SignalR,Azure SignalR Service should use private link,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SignalR/SignalR_PrivateEndpointEnabled_Audit.json -Storage,Secure transfer to storage accounts should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json -Storage,Secure transfer to storage accounts should be enabled,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json -Storage,Secure transfer to storage accounts should be enabled,,,,,,,ID : 0943.09y1Organizational.1 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json -Storage,Secure transfer to storage accounts should be enabled,,,,,,3.13.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json -Storage,Secure transfer to storage accounts should be enabled,,,,,SC-8 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json -Storage,Secure transfer to storage accounts should be enabled,,,,A.13.2.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json -Storage,Secure transfer to storage accounts should be enabled,,3.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json -Storage,Secure transfer to storage accounts should be 
enabled,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json +Storage,Secure transfer to storage accounts should be enabled,DP-4,3.1,,A.13.2.1,SC-8 (1),3.13.8,0943.09y1Organizational.1 - 09.y,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json Storage,Storage account should use a private link connection,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountPrivateEndpointEnabled_Audit.json -Storage,Storage accounts should allow access from trusted Microsoft services,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccess_TrustedMicrosoftServices_Audit.json Storage,Storage accounts should allow access from trusted Microsoft services,,3.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccess_TrustedMicrosoftServices_Audit.json -Storage,Storage accounts should be migrated to new Azure Resource Manager resources,,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json -Storage,Storage accounts should be migrated to new Azure Resource Manager resources,AM-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json +Storage,Storage accounts should be migrated to new Azure Resource Manager resources,AM-3,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json Storage,Storage accounts should have infrastructure 
encryption,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountInfrastructureEncryptionEnabled_Audit.json -Storage,Storage accounts should restrict network access,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access,,,,,,,,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access,,,,,,,ID : 0866.09m3Organizational.1516 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access,,,,,,3.13.5,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access,,,,,SC-7,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access,,,,A.13.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access,,3.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access,NS-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json -Storage,Storage accounts should restrict network access using virtual network rules,,3.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountOnlyVnetRulesEnabled_Audit.json 
-Storage,Storage accounts should restrict network access using virtual network rules,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountOnlyVnetRulesEnabled_Audit.json -Storage,Storage accounts should use customer-managed key for encryption,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json -Storage,Storage accounts should use customer-managed key for encryption,,3.9,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json -Storage,Storage accounts should use customer-managed key for encryption,DP-5,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json -Storage,[Preview]: Storage account public access should be disallowed,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json -Storage,[Preview]: Storage account public access should be disallowed,,,,,,,,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json -Storage,[Preview]: Storage account public access should be disallowed,,5.1.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json -Storage,[Preview]: Storage account public access should be disallowed,DP-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json +Storage,Storage accounts should restrict network access,NS-4,3.6,,A.13.1.1,SC-7,3.13.5,0866.09m3Organizational.1516 - 
09.m,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json +Storage,Storage accounts should restrict network access using virtual network rules,NS-1,3.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountOnlyVnetRulesEnabled_Audit.json +Storage,Storage accounts should use customer-managed key for encryption,DP-5,3.9,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json +Storage,[Preview]: Storage account public access should be disallowed,DP-2,5.1.3,,,,,,NS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json Stream Analytics,Azure Stream Analytics jobs should use customer-managed keys to encrypt data,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_CMK_Audit.json Synapse,Azure Synapse workspaces should use customer-managed keys to encrypt data at rest,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Synapse/SynapseWorkspaceCMK_Audit.json VM Image Builder,VM Image Builder templates should use private link,NS-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/VM%20Image%20Builder/PrivateLinkEnabled_Audit.json diff --git a/docs/no-params.md b/docs/no-params.md index ca54817..dd44df6 100644 --- a/docs/no-params.md +++ b/docs/no-params.md 
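Review bot: the HIPAA HITRUST 9.2 column silently changes format in this hunk: the removed rows carry values such as `ID : 0717.10m3Organizational.2 - 10.m` and `ID : 0943.09y1Organizational.1 - 09.y`, while the consolidated rows that replace them carry `0717.10m3Organizational.2 - 10.m` and `0943.09y1Organizational.1 - 09.y`. Anything downstream that filters on the `ID : ` prefix will stop matching, so the commit message (or a note at the top of the CSV) should state that the prefix was dropped on purpose, and the generator should strip it uniformly rather than per row. The collapse from one row per framework to one row per policy looks lossless where both sides are visible here, for example the "machines should be remediated" row keeps `PV-4`, `A.12.6.1` and `SI-2` from the three removed rows, but it deserves a scripted check before merge (group the old rows by policy link, union the non-empty columns, compare with the new row), since a single dropped mapping in a table this size would not stand out in a visual review.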
@@ -1,599 +1,202 @@ -| Service | Policy Definition | Azure Security Benchmark | CIS | CCMC L3 | ISO 27001 | NIST SP 800-53 R4 | NIST SP 800-171 R2 | HIPAA HITRUST 9.2 | New Zealand ISM | -|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|-------|-----------|-------------|--------------------------------|----------------------|------------------------------------------|-------------------| -| API for FHIR | [Azure API for FHIR should use a customer-managed key to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_EnableByok_Audit.json) | | | | | | | | | -| API for FHIR | [CORS should not allow every domain to access your API for FHIR](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_RestrictCORSAccess_Audit.json) | | | | | | | | | -| App Configuration | [App Configuration should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Configuration/PrivateLink_Audit.json) | NS-3 | | | | | | | | -| App Service | [API App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | | | | | | | | | -| App Service | [API App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | | | | | | | | SS-8 | -| App Service | [API App should only be accessible over 
HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | | | | | | | ID : 0949.09y2Organizational.5 - 09.y | | -| App Service | [API App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | | | | | | 3.13.8 | | | -| App Service | [API App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | | | | | SC-8 (1) | | | | -| App Service | [API App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | | | | A.10.1.1 | | | | | -| App Service | [API App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | DP-4 | | | | | | | | -| App Service | [Authentication should be enabled on your API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_ApiApp_Audit.json) | | 9.1 | | | | | | | -| App Service | [Authentication should be enabled on your Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_functionapp_Audit.json) | | 9.1 | | | | | | | -| App Service | [Authentication should be enabled on your web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_WebApp_Audit.json) | | 9.1 | | | | | | | -| App Service | [CORS should not allow every resource to access your API 
App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json) | | | | | | | | | -| App Service | [CORS should not allow every resource to access your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json) | | | | | | | ID : 0911.09s1Organizational.2 - 09.s | | -| App Service | [CORS should not allow every resource to access your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json) | PV-2 | | | | | | | | -| App Service | [CORS should not allow every resource to access your Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json) | | | | | | | | | -| App Service | [CORS should not allow every resource to access your Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json) | | | | | | | ID : 0960.09sCSPOrganizational.1 - 09.s | | -| App Service | [CORS should not allow every resource to access your Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json) | PV-2 | | | | | | | | -| App Service | [CORS should not allow every resource to access your Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json) | | | | | | | | | -| App Service | [CORS should not allow every resource to access your Web 
Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json) | | | | | | | | SS-8 | -| App Service | [CORS should not allow every resource to access your Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json) | | | | | | | ID : 0916.09s2Organizational.4 - 09.s | | -| App Service | [CORS should not allow every resource to access your Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json) | | | | | | 3.1.3 | | | -| App Service | [CORS should not allow every resource to access your Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json) | | | | | AC-4 | | | | -| App Service | [CORS should not allow every resource to access your Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json) | PV-2 | | | | | | | | -| App Service | [Diagnostic logs in App Services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json) | | | | | | | | | -| App Service | [Diagnostic logs in App Services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json) | | | | | | | ID : 1209.09aa3System.2 - 09.aa | | -| App Service | [Diagnostic logs in App Services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json) | | 5.3 | | | | | | | -| 
App Service | [Diagnostic logs in App Services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json) | LT-4 | | | | | | | | -| App Service | [Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_ClientCert.json) | | 9.4 | | | | | | | -| App Service | [Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_ClientCert.json) | PV-2 | | | | | | | | -| App Service | [Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json) | | | | | | | ID : 0915.09s2Organizational.2 - 09.s | | -| App Service | [Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json) | | 9.4 | | | | | | | -| App Service | [Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json) | PV-2 | | | | | | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the API 
app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json) | | 9.9 | | | | | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json) | | 9.9 | | | | | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json) | | 9.9 | | | | | | | -| App Service | [FTPS only should 
be required in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json) | | 9.10 | | | | | | | -| App Service | [FTPS only should be required in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json) | DP-4 | | | | | | | | -| App Service | [FTPS only should be required in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json) | | 9.10 | | | | | | | -| App Service | [FTPS only should be required in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json) | DP-4 | | | | | | | | -| App Service | [FTPS should be required in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json) | | 9.10 | | | | | | | -| App Service | [FTPS should be required in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json) | DP-4 | | | | | | | | -| App Service | [Function App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | | | | | | | | | -| App Service | [Function App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | | | | | | | | SS-8 | -| App Service | [Function App should only be accessible over 
HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | | | | | | | ID : 0949.09y2Organizational.5 - 09.y | | -| App Service | [Function App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | | | | | | 3.13.8 | | | -| App Service | [Function App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | | | | | SC-8 (1) | | | | -| App Service | [Function App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | | | | A.10.1.1 | | | | | -| App Service | [Function App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | DP-4 | | | | | | | | -| App Service | [Function apps should have 'Client Certificates (Incoming client certificates)' enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_ClientCert.json) | | 9.4 | | | | | | | -| App Service | [Function apps should have 'Client Certificates (Incoming client certificates)' enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_ClientCert.json) | PV-2 | | | | | | | | -| App Service | [Latest TLS version should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | | | | | | | | | -| App Service | [Latest TLS version should be used in 
your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | | | | | | | | CR-6 | -| App Service | [Latest TLS version should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | | | | | | | ID : 0949.09y2Organizational.5 - 09.y | | -| App Service | [Latest TLS version should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | | | | | | 3.14.1 | | | -| App Service | [Latest TLS version should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | | 9.3 | | | | | | | -| App Service | [Latest TLS version should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | DP-4 | | | | | | | | -| App Service | [Latest TLS version should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | | | | | | | | | -| App Service | [Latest TLS version should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | | | | | | | | CR-6 | -| App Service | [Latest TLS version should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | | | | | | | ID : 0949.09y2Organizational.5 - 09.y | | -| App Service | [Latest TLS version should be 
used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | | | | | | 3.14.1 | | | -| App Service | [Latest TLS version should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | | 9.3 | | | | | | | -| App Service | [Latest TLS version should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | DP-4 | | | | | | | | -| App Service | [Latest TLS version should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) | | | | | | | | | -| App Service | [Latest TLS version should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) | | | | | | | | CR-6 | -| App Service | [Latest TLS version should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) | | | | | | | ID : 0949.09y2Organizational.5 - 09.y | | -| App Service | [Latest TLS version should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) | | | | | | 3.14.1 | | | -| App Service | [Latest TLS version should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) | | 9.3 | | | | | | | -| App Service | [Latest TLS version should be used in your Web 
App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) | DP-4 | | | | | | | | -| App Service | [Managed identity should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_ApiApp_Audit.json) | | 9.5 | | | | | | | -| App Service | [Managed identity should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_ApiApp_Audit.json) | IM-2 | | | | | | | | -| App Service | [Managed identity should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_FunctionApp_Audit.json) | | 9.5 | | | | | | | -| App Service | [Managed identity should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_FunctionApp_Audit.json) | IM-2 | | | | | | | | -| App Service | [Managed identity should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_WebApp_Audit.json) | | 9.5 | | | | | | | -| App Service | [Managed identity should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_WebApp_Audit.json) | IM-2 | | | | | | | | -| App Service | [Remote debugging should be turned off for API Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json) | | | | | | | | | -| App Service | [Remote debugging should be turned off for API 
Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json) | | | | | | | | AC-7 | -| App Service | [Remote debugging should be turned off for API Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json) | | | | | | | ID : 0914.09s1Organizational.6 - 09.s | | -| App Service | [Remote debugging should be turned off for API Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json) | | | | | | 3.1.12 | | | -| App Service | [Remote debugging should be turned off for API Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json) | | | | | AC-17 (1) | | | | -| App Service | [Remote debugging should be turned off for API Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json) | PV-2 | | | | | | | | -| App Service | [Remote debugging should be turned off for Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json) | | | | | | | | | -| App Service | [Remote debugging should be turned off for Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json) | | | | | | | | AC-7 | -| App Service | [Remote debugging should be turned off for Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json) | | | | | | | ID : 1325.09s1Organizational.3 - 09.s | 
| -| App Service | [Remote debugging should be turned off for Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json) | | | | | | 3.1.12 | | | -| App Service | [Remote debugging should be turned off for Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json) | | | | | AC-17 (1) | | | | -| App Service | [Remote debugging should be turned off for Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json) | PV-2 | | | | | | | | -| App Service | [Remote debugging should be turned off for Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json) | | | | | | | | | -| App Service | [Remote debugging should be turned off for Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json) | | | | | | | | AC-7 | -| App Service | [Remote debugging should be turned off for Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json) | | | | | | | ID : 0912.09s1Organizational.4 - 09.s | | -| App Service | [Remote debugging should be turned off for Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json) | | | | | | 3.1.12 | | | -| App Service | [Remote debugging should be turned off for Web 
Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json) | | | | | AC-17 (1) | | | | -| App Service | [Remote debugging should be turned off for Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json) | PV-2 | | | | | | | | -| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | | | | | | | | | -| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | | | | | | | | SS-8 | -| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | | | | | | | ID : 0949.09y2Organizational.5 - 09.y | | -| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | | | | | | 3.13.8 | | | -| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | | | | | SC-8 (1) | | | | -| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | | | | A.10.1.1 | | | | | -| App Service | [Web Application should only be accessible over 
HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | | 9.2 | | | | | | | -| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | DP-4 | | | | | | | | -| Automation | [Automation account variables should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) | | | | | | | | | -| Automation | [Automation account variables should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) | | | | A.10.1.1 | | | | | -| Automation | [Automation account variables should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) | DP-5 | | | | | | | | -| Azure Data Explorer | [Azure Data Explorer encryption at rest should use a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_CMK.json) | | | | | | | | | -| Azure Data Explorer | [Disk encryption should be enabled on Azure Data Explorer](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json) | | | | | | | | | -| Azure Data Explorer | [Double encryption should be enabled on Azure Data Explorer](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json) | | | | | | | | | -| Backup | [Azure Backup should be enabled for Virtual 
Machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json) | | | | | | | | | -| Backup | [Azure Backup should be enabled for Virtual Machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json) | | | | | | | ID : 1699.09l1Organizational.10 - 09.l | | -| Backup | [Azure Backup should be enabled for Virtual Machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json) | BR-2 | | | | | | | | -| Cache | [Azure Cache for Redis should reside within a virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_CacheInVnet_Audit.json) | NS-2 | | | | | | | | -| Cache | [Only secure connections to your Azure Cache for Redis should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | | | | | | | | | -| Cache | [Only secure connections to your Azure Cache for Redis should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | | | | | | | | DM-6 | -| Cache | [Only secure connections to your Azure Cache for Redis should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | | | | | | | ID : 0946.09y2Organizational.14 - 09.y | | -| Cache | [Only secure connections to your Azure Cache for Redis should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | | | | | | 3.13.8 | | | -| Cache | [Only secure connections to your Azure Cache for Redis should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | | | | | SC-8 (1) | | | | -| Cache | [Only secure connections to your Azure Cache for Redis should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | | | | A.13.2.1 | | | | | -| Cache | [Only secure connections to your Azure Cache for Redis should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | DP-4 | | | | | | | | -| Cognitive Services | [Cognitive Services accounts should enable data encryption with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_CustomerManagedKey_Audit.json) | | | | | | | | | -| Cognitive Services | [Cognitive Services accounts should enable data encryption with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_CustomerManagedKey_Audit.json) | DP-5 | | | | | | | | -| Cognitive Services | [Cognitive Services accounts should enable data encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_Encryption_Audit.json) | | | | | | | | | -| Cognitive Services | [Cognitive Services accounts should enable data encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_Encryption_Audit.json) | DP-2 | | | | | | | | -| Cognitive Services | [Cognitive Services accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_NetworkAcls_Audit.json) | | | | | | | | | -| Cognitive Services | 
[Cognitive Services accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_NetworkAcls_Audit.json) | NS-1 | | | | | | | | -| Cognitive Services | [Cognitive Services accounts should use customer owned storage or enable data encryption.](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_BYOX_Audit.json) | DP-5 | | | | | | | | -| Cognitive Services | [Public network access should be disabled for Cognitive Services accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | -| Cognitive Services | [Public network access should be disabled for Cognitive Services accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | -| Compute | [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json) | | | | A.9.1.2 | | | | | -| Compute | [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json) | | 7.1 | | | | | | | -| Compute | [Audit virtual machines without disaster recovery configured](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json) | | | | | | | | | -| Compute | [Audit virtual machines without disaster recovery configured](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json) | | | | | | | | ESS-3 | -| Compute | [Audit virtual 
machines without disaster recovery configured](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json) | | | | | | | ID : 1638.12b2Organizational.345 - 12.b | | -| Compute | [Audit virtual machines without disaster recovery configured](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json) | | | | | CP-7 | | | | -| Compute | [Microsoft Antimalware for Azure should be configured to automatically update protection signatures](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json) | | | | | | | | | -| Compute | [Microsoft Antimalware for Azure should be configured to automatically update protection signatures](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json) | | | | | | | ID : 0201.09j1Organizational.124 - 09.j | | -| Compute | [Microsoft IaaSAntimalware extension should be deployed on Windows servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json) | | | | | | | | | -| Compute | [Microsoft IaaSAntimalware extension should be deployed on Windows servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json) | | | | | | | | SS-2 | -| Compute | [Microsoft IaaSAntimalware extension should be deployed on Windows servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json) | | | | | | 3.14.2 | | | -| Compute | [Unattached disks should be 
encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json) | | | | | | | | | -| Compute | [Unattached disks should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json) | | | | | | | ID : 0303.09o2Organizational.2 - 09.o | | -| Compute | [Unattached disks should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json) | | 7.3 | | | | | | | -| Compute | [Virtual machines should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) | | | | | | | ID : 0835.09n1Organizational.1 - 09.n | | -| Compute | [Virtual machines should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) | | | | A.9.1.2 | | | | | -| Compute | [Virtual machines should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) | AM-3 | | | | | | | | -| Container Registry | [Container registries should be encrypted with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_CMKEncryptionEnabled_Audit.json) | | | | | | | | | -| Container Registry | [Container registries should be encrypted with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_CMKEncryptionEnabled_Audit.json) | DP-5 | | | | | | | | -| Container Registry | [Container registries should not allow unrestricted network 
access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_NetworkRulesExist_Audit.json) | | | | | | | | | -| Container Registry | [Container registries should not allow unrestricted network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_NetworkRulesExist_Audit.json) | NS-1 | | | | | | | | -| Container Registry | [Container registries should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_PrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | -| Cosmos DB | [Azure Cosmos DB accounts should have firewall rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesExist_Audit.json) | NS-4 | | | | | | | | -| Cosmos DB | [Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_CMK_Deny.json) | DP-5 | | | | | | | | -| Data Lake | [Require encryption on Data Lake Store accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json) | | | | | | | | | -| Data Lake | [Require encryption on Data Lake Store accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json) | | | | | | | ID : 0304.09o3Organizational.1 - 09.o | | -| Event Grid | [Azure Event Grid domains should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Domains_PrivateEndpoint_Audit.json) | NS-3 | | | | | | | | -| Event Grid | [Azure Event Grid topics should use private 
link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Topics_PrivateEndpoint_Audit.json) | NS-3 | | | | | | | | -| General | [Audit usage of custom RBAC rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | | | | | | | | | -| General | [Audit usage of custom RBAC rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | | | | | | | ID : 1230.09c2Organizational.1 - 09.c | | -| General | [Audit usage of custom RBAC rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | | | | | AC-2 (7) | | | | -| General | [Audit usage of custom RBAC rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | | | | A.9.2.3 | | | | | -| General | [Audit usage of custom RBAC rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | PA-7 | | | | | | | | -| General | [Custom subscription owner roles should not exist](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json) | | | | | | | ID : 1278.09c2Organizational.56 - 09.c | | -| General | [Custom subscription owner roles should not exist](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json) | | 1.21 | | | | | | | -| General | [Custom subscription owner roles should not exist](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json) | PA-7 | | | | | | | | -| Key Vault | [Azure Key Vault Managed HSM 
should have purge protection enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_Recoverable_Audit.json) | | | | | | | ID : 1635.12b1Organizational.2 - 12.b | | -| Key Vault | [Key vaults should have purge protection enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json) | | | | | | | | | -| Key Vault | [Key vaults should have purge protection enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json) | | | | | | | ID : 1635.12b1Organizational.2 - 12.b | | -| Key Vault | [Key vaults should have purge protection enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json) | | 8.4 | | | | | | | -| Key Vault | [Key vaults should have purge protection enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json) | BR-4 | | | | | | | | -| Key Vault | [Key vaults should have soft delete enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_SoftDeleteMustBeEnabled_Audit.json) | | | | | | | | | -| Key Vault | [Key vaults should have soft delete enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_SoftDeleteMustBeEnabled_Audit.json) | BR-4 | | | | | | | | -| Key Vault | [[Preview]: Firewall should be enabled on Key Vault](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultFirewallEnabled_Audit.json) | | | | | | | | | -| Key Vault | [[Preview]: Firewall should be enabled on Key 
Vault](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultFirewallEnabled_Audit.json) | NS-4 | | | | | | | | -| Key Vault | [[Preview]: Key Vault keys should have an expiration date](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_ExpirationSet.json) | | | | | | | | | -| Key Vault | [[Preview]: Key Vault keys should have an expiration date](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_ExpirationSet.json) | | 8.1 | | | | | | | -| Key Vault | [[Preview]: Key Vault secrets should have an expiration date](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Secrets_ExpirationSet.json) | | 8.2 | | | | | | | -| Key Vault | [[Preview]: Private endpoint should be configured for Key Vault](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultPrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | -| Kubernetes | [Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_AzurePolicyAddOn_Audit.json) | PV-2 | | | | | | | | -| Kubernetes | [Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_CMK_Deny.json) | | | | | | | | | -| Machine Learning | [Azure Machine Learning workspaces should be encrypted with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_CMKEnabled_Audit.json) | DP-5 | | | | | | | | -| Machine Learning | [Azure Machine Learning workspaces should use private 
link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_PrivateLinkEnabled_Audit.json) | NS-3 | | | | | | | | -| Monitoring | [Activity log should be retained for at least one year](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLogRetention_365orGreater.json) | | | | | | | | | -| Monitoring | [Activity log should be retained for at least one year](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLogRetention_365orGreater.json) | | | | | | | | AC-15 | -| Monitoring | [Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllCategories.json) | | | | | | | | | -| Monitoring | [Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllCategories.json) | | | | | | | ID : 1219.09ab3System.10 - 09.ab | | -| Monitoring | [Azure Monitor should collect activity logs from all regions](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllRegions.json) | | | | | | | | | -| Monitoring | [Azure Monitor should collect activity logs from all regions](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllRegions.json) | | | | | | | ID : 1214.09ab2System.3456 - 09.ab | | -| Monitoring | [Azure subscriptions should have a log profile for Activity Log](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Logprofile_activityLogs_Audit.json) | | | | | | | | | -| Monitoring | [Azure subscriptions should have a log profile for Activity 
Log](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Logprofile_activityLogs_Audit.json) | | | | | | | | AC-13 | -| Monitoring | [Storage account containing the container with activity logs must be encrypted with BYOK](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_StorageAccountBYOK_Audit.json) | | 5.1.4 | | | | | | | -| Monitoring | [The Log Analytics agent should be installed on Virtual Machine Scale Sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | | | | | -| Monitoring | [The Log Analytics agent should be installed on Virtual Machine Scale Sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | | | ID : 1216.09ab3System.12 - 09.ab | | -| Monitoring | [The Log Analytics agent should be installed on Virtual Machine Scale Sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | | 3.3.2 | | | -| Monitoring | [The Log Analytics agent should be installed on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | | | | | -| Monitoring | [The Log Analytics agent should be installed on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | | | ID : 1215.09ab2System.7 - 09.ab | | -| Monitoring | [The Log Analytics agent should be installed on virtual 
machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | | 3.3.2 | | | -| Monitoring | [[Preview]: Log Analytics agent should be installed on your Linux Azure Arc machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Linux_LogAnalytics_Audit.json) | LT-5 | | | | | | | | -| Monitoring | [[Preview]: Log Analytics agent should be installed on your Windows Azure Arc machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Windows_LogAnalytics_Audit.json) | LT-5 | | | | | | | | -| Monitoring | [[Preview]: Network traffic data collection agent should be installed on Linux virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Linux.json) | | | | | | | ID : 0885.09n2Organizational.3 - 09.n | | -| Monitoring | [[Preview]: Network traffic data collection agent should be installed on Linux virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Linux.json) | LT-3 | | | | | | | | -| Monitoring | [[Preview]: Network traffic data collection agent should be installed on Windows virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Windows.json) | | | | | | | ID : 0887.09n2Organizational.5 - 09.n | | -| Monitoring | [[Preview]: Network traffic data collection agent should be installed on Windows virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Windows.json) | LT-3 | | | | | | | | -| Network | [App Service should use a virtual network service 
endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_AppService_AuditIfNotExists.json) | | | | | | | ID : 0861.09m2Organizational.67 - 09.m | | -| Network | [Cosmos DB should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_CosmosDB_Audit.json) | | | | | | | ID : 0864.09m2Organizational.12 - 09.m | | -| Network | [Event Hub should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_EventHub_AuditIfNotExists.json) | | | | | | | ID : 0863.09m2Organizational.910 - 09.m | | -| Network | [Flow log should be configured for every network security group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_FlowLog_Audit.json) | | | | | | | | | -| Network | [Gateway subnets should not be configured with a network security group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroupOnGatewaySubnet_Deny.json) | | | | | | | ID : 0894.01m2Organizational.7 - 01.m | | -| Network | [Key Vault should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_KeyVault_Audit.json) | | | | | | | ID : 0865.09m2Organizational.13 - 09.m | | -| Network | [RDP access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json) | | | | | | | | | -| Network | [RDP access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json) | | 6.1 | | | 
| | | | -| Network | [RDP access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json) | NS-4 | | | | | | | | -| Network | [SQL Server should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_SQLServer_AuditIfNotExists.json) | | | | | | | ID : 0862.09m2Organizational.8 - 09.m | | -| Network | [SSH access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json) | | | | | | | | | -| Network | [SSH access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json) | | 6.2 | | | | | | | -| Network | [SSH access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json) | NS-4 | | | | | | | | -| Network | [Service Bus should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ServiceBus_AuditIfNotExists.json) | | | | | | | ID : 0860.09m1Organizational.9 - 09.m | | -| Network | [Storage Accounts should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_StorageAccount_Audit.json) | | | | | | | ID : 0867.09m3Organizational.17 - 09.m | | -| Network | [Web Application Firewall (WAF) should be enabled for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json) | | | | | | | | | -| Network | [Web 
Application Firewall (WAF) should be enabled for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json) | | | | | | | | NS-7 | -| Network | [Web Application Firewall (WAF) should be enabled for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json) | NS-4 | | | | | | | | -| Network | [Web Application Firewall (WAF) should be enabled for Azure Front Door Service service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json) | | | | | | | | | -| Network | [Web Application Firewall (WAF) should be enabled for Azure Front Door Service service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json) | | | | | | | | NS-7 | -| Network | [Web Application Firewall (WAF) should be enabled for Azure Front Door Service service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json) | NS-4 | | | | | | | | -| Network | [[Preview]: All Internet traffic should be routed via your deployed Azure Firewall](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json) | | | | | | | | | -| Network | [[Preview]: All Internet traffic should be routed via your deployed Azure Firewall](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json) | | | | | | | | NS-7 | -| Network | [[Preview]: All Internet traffic should be routed via your deployed Azure 
Firewall](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json) | NS-5 | | | | | | | | -| Network | [[Preview]: Container Registry should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ContainerRegistry_Audit.json) | | | | | | | ID : 0871.09m3Organizational.22 - 09.m | | -| SQL | [Advanced data security should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | | | | | | | | | -| SQL | [Advanced data security should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | | | | | | | | DM-6 | -| SQL | [Advanced data security should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | | | | | | 3.14.6 | | | -| SQL | [Advanced data security should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | | | | | SI-4 | | | | -| SQL | [Advanced data security should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | | 4.2.1 | | | | | | | -| SQL | [Advanced data security should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | IR-5 | | | | | | | | -| SQL | [Advanced data security should be enabled on your 
SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json) | | | | | | | | | -| SQL | [Advanced data security should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json) | | | | | | | | DM-6 | -| SQL | [Advanced data security should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json) | | | | | | 3.14.6 | | | -| SQL | [Advanced data security should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json) | | | | | SI-4 | | | | -| SQL | [Advanced data security should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json) | | 4.2.1 | | | | | | | -| SQL | [An Azure Active Directory administrator should be provisioned for SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | | | | | | | | | -| SQL | [An Azure Active Directory administrator should be provisioned for SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | | | | | | | | DM-6 | -| SQL | [An Azure Active Directory administrator should be provisioned for SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | | | | | AC-2 (7) | | | | -| SQL | [An Azure Active Directory administrator should be provisioned for SQL 
servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | | | | A.9.2.3 | | | | | -| SQL | [An Azure Active Directory administrator should be provisioned for SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | | 4.4 | | | | | | | -| SQL | [An Azure Active Directory administrator should be provisioned for SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | IM-1 | | | | | | | | -| SQL | [Bring your own key data protection should be enabled for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableByok_Audit.json) | DP-5 | | | | | | | | -| SQL | [Bring your own key data protection should be enabled for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableByok_Audit.json) | DP-5 | | | | | | | | -| SQL | [Connection throttling should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_ConnectionThrottling_Enabled_Audit.json) | | 4.3.6 | | | | | | | -| SQL | [Disconnections should be logged for PostgreSQL database servers.](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogDisconnections_Audit.json) | | 4.3.5 | | | | | | | -| SQL | [Enforce SSL connection should be enabled for MySQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json) | | | | | | | | | -| SQL | [Enforce SSL connection should be enabled for MySQL database 
servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json) | | | | | | | ID : 0948.09y2Organizational.3 - 09.y | | -| SQL | [Enforce SSL connection should be enabled for MySQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json) | | 4.3.1 | | | | | | | -| SQL | [Enforce SSL connection should be enabled for MySQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json) | DP-4 | | | | | | | | -| SQL | [Enforce SSL connection should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json) | | | | | | | | | -| SQL | [Enforce SSL connection should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json) | | | | | | | ID : 0947.09y2Organizational.2 - 09.y | | -| SQL | [Enforce SSL connection should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json) | | 4.3.2 | | | | | | | -| SQL | [Enforce SSL connection should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json) | DP-4 | | | | | | | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for MariaDB](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json) | | | | | | | | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for 
MariaDB](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json) | | | | | | | ID : 1627.09l3Organizational.6 - 09.l | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for MariaDB](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json) | BR-2 | | | | | | | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for MySQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json) | | | | | | | | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for MySQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json) | | | | | | | ID : 1622.09l2Organizational.23 - 09.l | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for MySQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json) | BR-2 | | | | | | | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for PostgreSQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json) | | | | | | | | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for PostgreSQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json) | | | | | | | ID : 1626.09l3Organizational.5 - 09.l | | -| SQL | [Geo-redundant backup should be enabled for Azure Database for PostgreSQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json) | BR-2 | | | | | | | | -| SQL | [Infrastructure encryption should be enabled for Azure Database for MySQL 
servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_InfrastructureEncryption_Audit.json) | | | | | | | | | -| SQL | [Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_InfrastructureEncryption_Audit.json) | | | | | | | | | -| SQL | [Log checkpoints should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogCheckpoint_Audit.json) | | 4.3.3 | | | | | | | -| SQL | [Log connections should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogConnections_Audit.json) | | 4.3.4 | | | | | | | -| SQL | [Long-term geo-redundant backup should be enabled for Azure SQL Databases](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json) | | | | | | | | | -| SQL | [Long-term geo-redundant backup should be enabled for Azure SQL Databases](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json) | | | | | | | ID : 1621.09l2Organizational.1 - 09.l | | -| SQL | [Long-term geo-redundant backup should be enabled for Azure SQL Databases](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json) | BR-2 | | | | | | | | -| SQL | [Private endpoint connections on Azure SQL Database should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PrivateEndpoint_Audit.json) | NS-3 | | | | | | | | -| SQL | [Private endpoint should be enabled for MariaDB 
servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_EnablePrivateEndPoint_Audit.json) | NS-3 | | | | | | | | -| SQL | [Private endpoint should be enabled for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnablePrivateEndPoint_Audit.json) | NS-3 | | | | | | | | -| SQL | [Private endpoint should be enabled for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnablePrivateEndPoint_Audit.json) | NS-3 | | | | | | | | -| SQL | [Public network access on Azure SQL Database should be disabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PublicNetworkAccess_Audit.json) | | | | | | | | | -| SQL | [Public network access on Azure SQL Database should be disabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | -| SQL | [Public network access should be disabled for MariaDB servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | -| SQL | [Public network access should be disabled for MariaDB servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | -| SQL | [Public network access should be disabled for MySQL flexible servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | -| SQL | [Public network access should be disabled for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | -| SQL | 
[Public network access should be disabled for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | -| SQL | [Public network access should be disabled for PostgreSQL flexible servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | -| SQL | [Public network access should be disabled for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | -| SQL | [Public network access should be disabled for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | -| SQL | [SQL managed instances should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | | | | | | | | | -| SQL | [SQL managed instances should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | | | | | | | ID : 0304.09o3Organizational.1 - 09.o | | -| SQL | [SQL managed instances should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | | 4.5 | | | | | | | -| SQL | [SQL managed instances should use customer-managed keys to encrypt data at 
rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | DP-5 | | | | | | | | -| SQL | [SQL servers should be configured with 90 days auditing retention or higher](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditingRetentionDays_Audit.json) | | 4.1.3 | | | | | | | -| SQL | [SQL servers should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | | | | | | | | | -| SQL | [SQL servers should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | | | | | | | ID : 0304.09o3Organizational.1 - 09.o | | -| SQL | [SQL servers should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | | 4.5 | | | | | | | -| SQL | [SQL servers should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | DP-5 | | | | | | | | -| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | | | | | | | | | -| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | | | | | | | | DM-6 | -| SQL | [Transparent Data Encryption on SQL databases should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | | | | | | | ID : 0301.09o1Organizational.123 - 09.o | | -| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | | | | | | 3.13.16 | | | -| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | | | | | SC-28 (1) | | | | -| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | | | | A.10.1.1 | | | | | -| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | | 4.1.2 | | | | | | | -| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | DP-5 | | | | | | | | -| SQL | [Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json) | | | | | | | | | -| SQL | [Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json) | | | | | | | | ISM-3 | -| SQL | [Vulnerability Assessment settings for SQL server should contain an email address to receive scan 
reports](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json) | | 4.2.4 | | | | | | | -| SQL | [Vulnerability assessment should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json) | | | | | | | | | -| SQL | [Vulnerability assessment should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json) | | | | | | | | ISM-3 | -| SQL | [Vulnerability assessment should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json) | | | | | | | ID : 0719.10m3Organizational.5 - 10.m | | -| SQL | [Vulnerability assessment should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json) | | 4.2.2 | | | | | | | -| SQL | [Vulnerability assessment should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json) | PV-6 | | | | | | | | -| SQL | [Vulnerability assessment should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json) | | | | | | | | | -| SQL | [Vulnerability assessment should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json) | | | | | | | | ISM-3 | -| SQL | [Vulnerability assessment should be enabled on your SQL 
servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json) | | | | | | | ID : 0709.10m1Organizational.1 - 10.m | | -| SQL | [Vulnerability assessment should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json) | | 4.2.2 | | | | | | | -| SQL | [Vulnerability assessment should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json) | PV-6 | | | | | | | | -| Security Center | [A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | | | | | | | | | -| Security Center | [A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | | | | | | | | AC-2 | -| Security Center | [A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | | | | | | | ID : 11112.01q2Organizational.67 - 01.q | | -| Security Center | [A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | | | | | | 3.1.4 | | | -| Security Center | [A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | | | | | AC-6 (7) | | | | -| Security Center | 
[A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | | | | A.6.1.2 | | | | | -| Security Center | [A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | PA-1 | | | | | | | | -| Security Center | [A vulnerability assessment solution should be enabled on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | | | | | | | | | -| Security Center | [A vulnerability assessment solution should be enabled on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | | | | | | | | ISM-3 | -| Security Center | [A vulnerability assessment solution should be enabled on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | | | | | | | ID : 0711.10m2Organizational.23 - 10.m | | -| Security Center | [A vulnerability assessment solution should be enabled on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | | | | | | 3.14.1 | | | -| Security Center | [A vulnerability assessment solution should be enabled on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | | | | | SI-2 | | | | -| Security Center | [A vulnerability assessment solution should be enabled on your virtual 
machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | | | | A.12.6.1 | | | | | -| Security Center | [A vulnerability assessment solution should be enabled on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | PV-6 | | | | | | | | -| Security Center | [Adaptive application controls for defining safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | | | | | | | | | -| Security Center | [Adaptive application controls for defining safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | | | | | | | | SS-4 | -| Security Center | [Adaptive application controls for defining safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | | | | | | | ID : 0607.10h2System.23 - 10.h | | -| Security Center | [Adaptive application controls for defining safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | | | | | | 3.4.9 | | | -| Security Center | [Adaptive application controls for defining safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | | | | | CM-11 | | | | -| Security Center | [Adaptive application controls for defining 
safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | | | | A.12.6.2 | | | | | -| Security Center | [Adaptive application controls for defining safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | AM-6 | | | | | | | | -| Security Center | [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | | | | | | | | | -| Security Center | [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | | | | | | | | NS-2 | -| Security Center | [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | | | | | | | ID : 0859.09m1Organizational.78 - 09.m | | -| Security Center | [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | | | | | | 3.13.5 | | | -| Security Center | [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | | | | | SC-7 | | | | -| 
Security Center | [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | NS-4 | | | | | | | | -| Security Center | [All network ports should be restricted on network security groups associated to your virtual machine](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | | | | | | | | | -| Security Center | [All network ports should be restricted on network security groups associated to your virtual machine](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | | | | | | | ID : 0858.09m1Organizational.4 - 09.m | | -| Security Center | [All network ports should be restricted on network security groups associated to your virtual machine](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | | | | | | 3.13.5 | | | -| Security Center | [All network ports should be restricted on network security groups associated to your virtual machine](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | | | | | SC-7 | | | | -| Security Center | [All network ports should be restricted on network security groups associated to your virtual machine](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | | | | A.13.1.1 | | | | | -| Security Center | [Allowlist rules in your adaptive application control policy should be 
updated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControlsUpdate_Audit.json) | | | | | | | | | -| Security Center | [Authorized IP ranges should be defined on Kubernetes Services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableIpRanges_KubernetesService_Audit.json) | NS-4 | | | | | | | | -| Security Center | [Auto provisioning of the Log Analytics agent should be enabled on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json) | | | | | | | ID : 1220.09ab3System.56 - 09.ab | | -| Security Center | [Auto provisioning of the Log Analytics agent should be enabled on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json) | | 2.11 | | | | | | | -| Security Center | [Auto provisioning of the Log Analytics agent should be enabled on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json) | LT-5 | | | | | | | | -| Security Center | [Azure DDoS Protection Standard should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json) | | | | | | | | NS-5 | -| Security Center | [Azure DDoS Protection Standard should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json) | | | | | SC-5 | | | | -| Security Center | [Azure DDoS Protection Standard should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json) | NS-4 | | | | | | | | -| Security Center | [Azure Defender for App Service should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json) | | | | | | | | | -| Security Center | [Azure Defender for App Service should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json) | | 2.2 | | | | | | | -| Security Center | [Azure Defender for App Service should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json) | IR-5 | | | | | | | | -| Security Center | [Azure Defender for Azure SQL Database servers should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json) | | | | | | | | | -| Security Center | [Azure Defender for Azure SQL Database servers should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json) | | 2.3 | | | | | | | -| Security Center | [Azure Defender for Azure SQL Database servers should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json) | IR-5 | | | | | | | | -| Security Center | [Azure Defender for Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json) | | | | | | | | | -| 
Security Center | [Azure Defender for Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json) | | 2.8 | | | | | | | -| Security Center | [Azure Defender for Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json) | IR-5 | | | | | | | | -| Security Center | [Azure Defender for Kubernetes should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json) | | | | | | | | | -| Security Center | [Azure Defender for Kubernetes should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json) | | 2.6 | | | | | | | -| Security Center | [Azure Defender for Kubernetes should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json) | IR-5 | | | | | | | | -| Security Center | [Azure Defender for SQL servers on machines should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json) | | | | | | | | | -| Security Center | [Azure Defender for SQL servers on machines should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json) | | 2.4 | | | | | | | -| Security Center | [Azure Defender for SQL servers on machines should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json) | IR-5 | | | | | | | | -| Security Center | [Azure Defender for Storage should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json) | | | | | | | | | -| Security Center | [Azure Defender for Storage should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json) | | 2.5 | | | | | | | -| Security Center | [Azure Defender for Storage should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json) | IR-5 | | | | | | | | -| Security Center | [Azure Defender for container registries should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json) | | | | | | | | | -| Security Center | [Azure Defender for container registries should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json) | | 2.7 | | | | | | | -| Security Center | [Azure Defender for container registries should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json) | IR-5 | | | | | | | | -| Security Center | [Azure Defender for servers should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json) | | | | | | | | | -| Security Center | [Azure Defender for servers should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json) | | 2.1 | | | | | | | -| Security Center | [Azure Defender for servers should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json) | ES-1 | | | | | | | | -| Security Center | [Deprecated accounts should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json) | | | | | | | | | -| Security Center | [Deprecated accounts should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json) | | | | | | | | AC-5 | -| Security Center | [Deprecated accounts should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json) | | | | | | 3.1.1 | | | -| Security Center | [Deprecated accounts should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json) | | | | | AC-2 | | | | -| Security Center | [Deprecated accounts should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json) | | | | A.9.2.6 | | | | | -| Security Center | [Deprecated accounts should be removed from 
your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json) | PA-3 | | | | | | | | -| Security Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | | | | | | | | | -| Security Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | | | | | | | | AC-5 | -| Security Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | | | | | | | ID : 1147.01c2System.456 - 01.c | | -| Security Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | | | | | | 3.1.1 | | | -| Security Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | | | | | AC-2 | | | | -| Security Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | | | | A.9.2.6 | | | | | -| Security 
Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | PA-3 | | | | | | | | -| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | | | | | | | | | -| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | | | | | | | | DM-6 | -| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | | | | | | | ID : 0302.09o2Organizational.1 - 09.o | | -| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | | | | | | 3.13.16 | | | -| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | | | | | SC-28 (1) | | | | -| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | | | | A.10.1.1 | | | | | -| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | | 7.2 | | | | | | | -| 
Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | DP-5 | | | | | | | | -| Security Center | [Email notification for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json) | | | | | | | | | -| Security Center | [Email notification for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json) | | 2.14 | | | | | | | -| Security Center | [Email notification for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json) | IR-2 | | | | | | | | -| Security Center | [Email notification to subscription owner for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json) | | | | | | | | | -| Security Center | [Email notification to subscription owner for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json) | | | | | | 3.14.6 | | | -| Security Center | [Email notification to subscription owner for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json) | IR-2 | | | | | | | | -| Security Center | [Endpoint protection solution should be installed on virtual machine scale 
sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json) | | | | | | | | | -| Security Center | [Endpoint protection solution should be installed on virtual machine scale sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json) | | | | | | | | DM-4 | -| Security Center | [Endpoint protection solution should be installed on virtual machine scale sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json) | | | | | | | ID : 0201.09j1Organizational.124 - 09.j | | -| Security Center | [Endpoint protection solution should be installed on virtual machine scale sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json) | | | | | | 3.14.2 | | | -| Security Center | [Endpoint protection solution should be installed on virtual machine scale sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json) | | | | | SI-3 (1) | | | | -| Security Center | [Endpoint protection solution should be installed on virtual machine scale sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json) | ES-3 | | | | | | | | -| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | | | | | | | | | -| Security Center | [External accounts with owner permissions should be removed from your 
subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | | | | | | | | PRS-5 | -| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | | | | | | | ID : 1146.01c2System.23 - 01.c | | -| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | | | | | | 3.1.1 | | | -| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | | | | | AC-2 | | | | -| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | | | | A.9.2.5 | | | | | -| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | | 1.3 | | | | | | | -| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | PA-3 | | | | | | | | -| Security Center | 
[External accounts with read permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json) | | | | | | | | | -| Security Center | [External accounts with read permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json) | | | | | | 3.1.1 | | | -| Security Center | [External accounts with read permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json) | | | | | AC-2 | | | | -| Security Center | [External accounts with read permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json) | | 1.3 | | | | | | | -| Security Center | [External accounts with read permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json) | PA-3 | | | | | | | | -| Security Center | [External accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | | | | | | | | | -| Security Center | [External accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | | | | | | | | PRS-5 | -| Security Center | [External 
accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | | | | | | 3.1.1 | | | -| Security Center | [External accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | | | | | AC-2 | | | | -| Security Center | [External accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | | | | A.9.2.5 | | | | | -| Security Center | [External accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | | 1.3 | | | | | | | -| Security Center | [External accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | PA-3 | | | | | | | | -| Security Center | [Guest Configuration extension should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVm.json) | | | | | | | | | -| Security Center | [IP Forwarding on your virtual machine should be disabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_IPForwardingOnVirtualMachines_Audit.json) | NS-4 | | | | | | | | -| Security Center | [Internet-facing virtual machines should be protected with network security 
groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json) | | | | | | | | | -| Security Center | [Internet-facing virtual machines should be protected with network security groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json) | | | | | | | | NS-2 | -| Security Center | [Internet-facing virtual machines should be protected with network security groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json) | | | | | | | ID : 0814.01n1Organizational.12 - 01.n | | -| Security Center | [Internet-facing virtual machines should be protected with network security groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json) | | | | | | 3.13.5 | | | -| Security Center | [Internet-facing virtual machines should be protected with network security groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json) | NS-4 | | | | | | | | -| Security Center | [Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json) | | | | | | | | | -| Security Center | [Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json) | | | | | | 3.14.1 | | | -| 
Security Center | [Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json) | PV-7 | | | | | | | | -| Security Center | [Log Analytics agent health issues should be resolved on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ResolveLaHealthIssues.json) | LT-5 | | | | | | | | -| Security Center | [Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVm.json) | LT-5 | | | | | | | | -| Security Center | [Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVmss.json) | LT-5 | | | | | | | | -| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | | | | | | | | | -| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | | | | | | | | AC-17 | -| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | | | | | | | ID : 11110.01q1Organizational.6 - 01.q | | -| Security Center | [MFA should be enabled accounts with 
write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | | | | | | 3.5.3 | | | -| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | | | | | IA-2 (1) | | | | -| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | | | | A.9.4.2 | | | | | -| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | | 1.1 | | | | | | | -| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | IM-4 | | | | | | | | -| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | | | | | | | | | -| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | | | | | | | | AC-17 | -| Security Center | [MFA should be enabled on accounts with owner permissions on your 
subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | | | | | | | ID : 11109.01q1Organizational.57 - 01.q | | -| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | | | | | | 3.5.3 | | | -| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | | | | | IA-2 (1) | | | | -| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | | | | A.9.4.2 | | | | | -| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | | 1.1 | | | | | | | -| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | IM-4 | | | | | | | | -| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | | | | | | | | | -| Security Center | [MFA should be enabled on accounts with read permissions on your 
subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | | | | | | | | AC-17 | -| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | | | | | | | ID : 11111.01q2System.4 - 01.q | | -| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | | | | | | 3.5.3 | | | -| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | | | | | IA-2 (2) | | | | -| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | | | | A.9.4.2 | | | | | -| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | | 1.2 | | | | | | | -| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | IM-4 | | | | | | | | -| Security Center | [Management ports of virtual machines should be protected with just-in-time network access 
control](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json) | | | | | | | | | -| Security Center | [Management ports of virtual machines should be protected with just-in-time network access control](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json) | | | | | | | | AC-7 | -| Security Center | [Management ports of virtual machines should be protected with just-in-time network access control](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json) | | | | | | | ID : 0858.09m1Organizational.4 - 09.m | | -| Security Center | [Management ports of virtual machines should be protected with just-in-time network access control](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json) | | | | | SC-7 (4) Ownership : Microsoft | | | | -| Security Center | [Management ports of virtual machines should be protected with just-in-time network access control](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json) | NS-4 | | | | | | | | -| Security Center | [Management ports should be closed on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OpenManagementPortsOnVirtualMachines_Audit.json) | | | | | | | ID : 1193.01l2Organizational.13 - 01.l | | -| Security Center | [Management ports should be closed on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OpenManagementPortsOnVirtualMachines_Audit.json) | NS-1 | | | | | | | | -| Security Center | [Monitor missing Endpoint Protection in Azure Security 
Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | | | | | | | | | -| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | | | | | | | | DM-4 | -| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | | | | | | | ID : 0201.09j1Organizational.124 - 09.j | | -| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | | | | | | 3.14.2 | | | -| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | | | | | SI-3 (1) | | | | -| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | | | | A.12.6.1 | | | | | -| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | | 7.6 | | | | | | | -| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | ES-3 | | | | | | | | -| Security 
Center | [Non-internet-facing virtual machines should be protected with network security groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternalVirtualMachines_Audit.json) | | | | | | | | | -| Security Center | [Role-Based Access Control (RBAC) should be used on Kubernetes Services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json) | | | | | | | | | -| Security Center | [Role-Based Access Control (RBAC) should be used on Kubernetes Services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json) | | | | | | | ID : 1229.09c1Organizational.1 - 09.c | | -| Security Center | [Role-Based Access Control (RBAC) should be used on Kubernetes Services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json) | | 8.5 | | | | | | | -| Security Center | [Role-Based Access Control (RBAC) should be used on Kubernetes Services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json) | PA-7 | | | | | | | | -| Security Center | [Security Center standard pricing tier should be selected](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Standard_pricing_tier.json) | | | | | | | | | -| Security Center | [Service principals should be used to protect your subscriptions instead of management certificates](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UseServicePrincipalToProtectSubscriptions.json) | IM-2 | | | | | | | | -| Security Center | [Subnets should be associated with a Network Security 
Group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json) | | | | | | | | | -| Security Center | [Subnets should be associated with a Network Security Group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json) | | | | | | | ID : 0814.01n1Organizational.12 - 01.n | | -| Security Center | [Subnets should be associated with a Network Security Group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json) | NS-4 | | | | | | | | -| Security Center | [Subscriptions should have a contact email address for security issues](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json) | | | | | | | | | -| Security Center | [Subscriptions should have a contact email address for security issues](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json) | | | | | | 3.14.6 | | | -| Security Center | [Subscriptions should have a contact email address for security issues](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json) | | 2.13 | | | | | | | -| Security Center | [Subscriptions should have a contact email address for security issues](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json) | IR-2 | | | | | | | | -| Security Center | [System updates on virtual machine scale sets should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json) | | | | | | | | | -| Security 
Center | [System updates on virtual machine scale sets should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json) | | | | | | | | PRS-5 | -| Security Center | [System updates on virtual machine scale sets should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json) | | | | | | | ID : 1202.09aa1System.1 - 09.aa | | -| Security Center | [System updates on virtual machine scale sets should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json) | | | | | | 3.14.1 | | | -| Security Center | [System updates on virtual machine scale sets should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json) | | | | | SI-2 | | | | -| Security Center | [System updates on virtual machine scale sets should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json) | PV-7 | | | | | | | | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | | | | | | | | | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | | | | | | | | PRS-5 | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | | | | | | 
| ID : 0201.09j1Organizational.124 - 09.j | | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | | | | | | 3.14.1 | | | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | | | | | SI-2 | | | | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | | | | A.12.6.1 | | | | | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | | 7.5 | | | | | | | -| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | PV-7 | | | | | | | | -| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | | | | | | | | | -| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | | | | | | | | AC-2 | -| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | | | | 
| | | ID : 11208.01q1Organizational.8 - 01.q | | -| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | | | | | | 3.1.4 | | | -| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | | | | | AC-6 (7) | | | | -| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | | | | A.6.1.2 | | | | | -| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | PA-1 | | | | | | | | -| Security Center | [Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVmWithNoSAMI.json) | | | | | | | | | -| Security Center | [Vulnerabilities in Azure Container Registry images should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerRegistryVulnerabilityAssessment_Audit.json) | | | | | | | | | -| Security Center | [Vulnerabilities in Azure Container Registry images should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerRegistryVulnerabilityAssessment_Audit.json) | PV-6 | | | | | | | | -| Security Center | [Vulnerabilities in container security configurations 
should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json) | | | | | | | | | -| Security Center | [Vulnerabilities in container security configurations should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json) | | | | | | | | ISM-3 | -| Security Center | [Vulnerabilities in container security configurations should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json) | | | | | | | ID : 0715.10m2Organizational.8 - 10.m | | -| Security Center | [Vulnerabilities in container security configurations should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json) | | | | | | 3.11.2 | | | -| Security Center | [Vulnerabilities in container security configurations should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json) | PV-4 | | | | | | | | -| Security Center | [Vulnerabilities in security configuration on your machines should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | | | | | | | | | -| Security Center | [Vulnerabilities in security configuration on your machines should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | | | | | | | | ISM-3 | -| Security Center | [Vulnerabilities in security configuration on your machines should be 
remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | | | | | | | ID : 0718.10m3Organizational.34 - 10.m | | -| Security Center | [Vulnerabilities in security configuration on your machines should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | | | | | | 3.14.1 | | | -| Security Center | [Vulnerabilities in security configuration on your machines should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | | | | | SI-2 | | | | -| Security Center | [Vulnerabilities in security configuration on your machines should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | | | | A.12.6.1 | | | | | -| Security Center | [Vulnerabilities in security configuration on your machines should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | PV-4 | | | | | | | | -| Security Center | [Vulnerabilities in security configuration on your virtual machine scale sets should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | | | | | | | | | -| Security Center | [Vulnerabilities in security configuration on your virtual machine scale sets should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | | | | | | | | ISM-3 | -| Security Center | [Vulnerabilities in security configuration on your virtual machine scale sets should be 
remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | | | | | | | ID : 0717.10m3Organizational.2 - 10.m | | -| Security Center | [Vulnerabilities in security configuration on your virtual machine scale sets should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | | | | | | 3.14.1 | | | -| Security Center | [Vulnerabilities in security configuration on your virtual machine scale sets should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | | | | | SI-2 | | | | -| Security Center | [Vulnerabilities in security configuration on your virtual machine scale sets should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | PV-4 | | | | | | | | -| Security Center | [Vulnerabilities on your SQL databases should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | | | | | | | | | -| Security Center | [Vulnerabilities on your SQL databases should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | | | | | | | | ISM-3 | -| Security Center | [Vulnerabilities on your SQL databases should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | | | | | | | ID : 0716.10m3Organizational.1 - 10.m | | -| Security Center | [Vulnerabilities on your SQL databases should be 
remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | | | | | | 3.14.1 | | | -| Security Center | [Vulnerabilities on your SQL databases should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | | | | | SI-2 | | | | -| Security Center | [Vulnerabilities on your SQL databases should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | | | | A.12.6.1 | | | | | -| Security Center | [Vulnerabilities on your SQL databases should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | PV-6 | | | | | | | | -| Security Center | [[Preview]: Sensitive data in your SQL databases should be classified](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbDataClassification_Audit.json) | DP-1 | | | | | | | | -| Service Fabric | [Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json) | | | | | | | | | -| Service Fabric | [Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json) | | | | A.10.1.1 | | | | | -| Service Fabric | [Service Fabric clusters should have the ClusterProtectionLevel property set to 
EncryptAndSign](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json) | DP-5 | | | | | | | | -| Service Fabric | [Service Fabric clusters should only use Azure Active Directory for client authentication](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json) | | | | | | | | AC-2 | -| Service Fabric | [Service Fabric clusters should only use Azure Active Directory for client authentication](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json) | | | | | AC-2 (7) | | | | -| Service Fabric | [Service Fabric clusters should only use Azure Active Directory for client authentication](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json) | | | | A.9.2.3 | | | | | -| Service Fabric | [Service Fabric clusters should only use Azure Active Directory for client authentication](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json) | IM-1 | | | | | | | | -| SignalR | [Azure SignalR Service should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SignalR/SignalR_PrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | -| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | | | | | | | | | -| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | | | | | | | | DM-6 | -| Storage | [Secure 
transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | | | | | | | ID : 0943.09y1Organizational.1 - 09.y | | -| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | | | | | | 3.13.8 | | | -| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | | | | | SC-8 (1) | | | | -| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | | | | A.13.2.1 | | | | | -| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | | 3.1 | | | | | | | -| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | DP-4 | | | | | | | | -| Storage | [Storage account should use a private link connection](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountPrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | -| Storage | [Storage accounts should allow access from trusted Microsoft services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccess_TrustedMicrosoftServices_Audit.json) | | | | | | | | | -| Storage | [Storage accounts should allow access from trusted Microsoft 
services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccess_TrustedMicrosoftServices_Audit.json) | | 3.7 | | | | | | | -| Storage | [Storage accounts should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json) | | | | A.9.1.2 | | | | | -| Storage | [Storage accounts should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json) | AM-3 | | | | | | | | -| Storage | [Storage accounts should have infrastructure encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountInfrastructureEncryptionEnabled_Audit.json) | | | | | | | | | -| Storage | [Storage accounts should restrict network access using virtual network rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountOnlyVnetRulesEnabled_Audit.json) | | 3.6 | | | | | | | -| Storage | [Storage accounts should restrict network access using virtual network rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountOnlyVnetRulesEnabled_Audit.json) | NS-1 | | | | | | | | -| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | | | | | | | | | -| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | | | | | | | | NS-2 | -| Storage | [Storage accounts should restrict network 
access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | | | | | | | ID : 0866.09m3Organizational.1516 - 09.m | | -| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | | | | | | 3.13.5 | | | -| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | | | | | SC-7 | | | | -| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | | | | A.13.1.1 | | | | | -| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | | 3.6 | | | | | | | -| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | NS-4 | | | | | | | | -| Storage | [Storage accounts should use customer-managed key for encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json) | | | | | | | | | -| Storage | [Storage accounts should use customer-managed key for encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json) | | 3.9 | | | | | | | -| Storage | [Storage accounts should use customer-managed key for encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json) | DP-5 | | | | | | | | -| 
Storage | [[Preview]: Storage account public access should be disallowed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json) | | | | | | | | | -| Storage | [[Preview]: Storage account public access should be disallowed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json) | | | | | | | | NS-2 | -| Storage | [[Preview]: Storage account public access should be disallowed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json) | | 5.1.3 | | | | | | | -| Storage | [[Preview]: Storage account public access should be disallowed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json) | DP-2 | | | | | | | | -| Stream Analytics | [Azure Stream Analytics jobs should use customer-managed keys to encrypt data](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_CMK_Audit.json) | | | | | | | | | -| Synapse | [Azure Synapse workspaces should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Synapse/SynapseWorkspaceCMK_Audit.json) | | | | | | | | | -| VM Image Builder | [VM Image Builder templates should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/VM%20Image%20Builder/PrivateLinkEnabled_Audit.json) | NS-3 | | | | | | | | \ No newline at end of file +| Service | Policy Definition | Azure Security Benchmark | CIS | CCMC L3 | ISO 27001 | NIST SP 800-171 R2 | NIST SP 800-53 R4 | HIPAA HITRUST 9.2 | New Zealand ISM | Link | 
+|---------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|-------|-----------|-------------|----------------------|--------------------------------|-------------------------------------|-------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| API for FHIR | [Azure API for FHIR should use a customer-managed key to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_EnableByok_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_EnableByok_Audit.json | +| API for FHIR | [CORS should not allow every domain to access your API for FHIR](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_RestrictCORSAccess_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20for%20FHIR/HealthcareAPIs_RestrictCORSAccess_Audit.json | +| App Configuration | [App Configuration should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Configuration/PrivateLink_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Configuration/PrivateLink_Audit.json | +| App Service | [API App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json) | DP-4 | | | 
A.10.1.1 | 3.13.8 | SC-8 (1) | 0949.09y2Organizational.5 - 09.y | SS-8 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceApiApp_AuditHTTP_Audit.json | +| App Service | [Authentication should be enabled on your API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_ApiApp_Audit.json) | | 9.1 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_ApiApp_Audit.json | +| App Service | [Authentication should be enabled on your Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_functionapp_Audit.json) | | 9.1 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_functionapp_Audit.json | +| App Service | [Authentication should be enabled on your web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_WebApp_Audit.json) | | 9.1 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Authentication_WebApp_Audit.json | +| App Service | [CORS should not allow every resource to access your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json) | PV-2 | | | | | | 0911.09s1Organizational.2 - 09.s | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_ApiApp_Audit.json | +| App Service | [CORS should not allow every resource to access your Function 
Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json) | PV-2 | | | | | | 0960.09sCSPOrganizational.1 - 09.s | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_FuntionApp_Audit.json | +| App Service | [CORS should not allow every resource to access your Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json) | PV-2 | | | | 3.1.3 | AC-4 | 0916.09s2Organizational.4 - 09.s | SS-8 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RestrictCORSAccess_WebApp_Audit.json | +| App Service | [Diagnostic logs in App Services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json) | LT-4 | 5.3 | | | | | 1209.09aa3System.2 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditLoggingMonitoring_Audit.json | +| App Service | [Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_ClientCert.json) | PV-2 | 9.4 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_ClientCert.json | +| App Service | [Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json) | PV-2 | 9.4 | | | | | 0915.09s2Organizational.2 - 09.s | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_ClientCert.json | +| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json) | | 9.9 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_HTTP_Latest.json | +| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json) | | 9.9 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_HTTP_Latest.json | +| App Service | [Ensure that 'HTTP Version' is the latest, if used to run the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json) | | 9.9 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_HTTP_Latest.json | +| App Service | [FTPS only should be required in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json) | DP-4 | 9.10 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_ApiApp_Audit.json | +| App Service | [FTPS only should be required in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json) | DP-4 | 9.10 | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_FunctionApp_Audit.json | +| App Service | [FTPS should be required in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json) | DP-4 | 9.10 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_AuditFTPS_WebApp_Audit.json | +| App Service | [Function App should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json) | DP-4 | | | A.10.1.1 | 3.13.8 | SC-8 (1) | 0949.09y2Organizational.5 - 09.y | SS-8 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceFunctionApp_AuditHTTP_Audit.json | +| App Service | [Function apps should have 'Client Certificates (Incoming client certificates)' enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_ClientCert.json) | PV-2 | 9.4 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_ClientCert.json | +| App Service | [Latest TLS version should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json) | DP-4 | 9.3 | | | 3.14.1 | | 0949.09y2Organizational.5 - 09.y | CR-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_ApiApp_Audit.json | +| App Service | [Latest TLS version should be used in your Function 
App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json) | DP-4 | 9.3 | | | 3.14.1 | | 0949.09y2Organizational.5 - 09.y | CR-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_FunctionApp_Audit.json | +| App Service | [Latest TLS version should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json) | DP-4 | 9.3 | | | 3.14.1 | | 0949.09y2Organizational.5 - 09.y | CR-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_RequireLatestTls_WebApp_Audit.json | +| App Service | [Managed identity should be used in your API App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_ApiApp_Audit.json) | IM-2 | 9.5 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_ApiApp_Audit.json | +| App Service | [Managed identity should be used in your Function App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_FunctionApp_Audit.json) | IM-2 | 9.5 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_FunctionApp_Audit.json | +| App Service | [Managed identity should be used in your Web App](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_WebApp_Audit.json) | IM-2 | 9.5 | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_UseManagedIdentity_WebApp_Audit.json | +| App Service | [Remote debugging should be turned off for API Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json) | PV-2 | | | | 3.1.12 | AC-17 (1) | 0914.09s1Organizational.6 - 09.s | AC-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_ApiApp_Audit.json | +| App Service | [Remote debugging should be turned off for Function Apps](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json) | PV-2 | | | | 3.1.12 | AC-17 (1) | 1325.09s1Organizational.3 - 09.s | AC-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_FunctionApp_Audit.json | +| App Service | [Remote debugging should be turned off for Web Applications](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json) | PV-2 | | | | 3.1.12 | AC-17 (1) | 0912.09s1Organizational.4 - 09.s | AC-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_DisableRemoteDebugging_WebApp_Audit.json | +| App Service | [Web Application should only be accessible over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json) | DP-4 | 9.2 | | A.10.1.1 | 3.13.8 | SC-8 (1) | 0949.09y2Organizational.5 - 09.y | SS-8 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppServiceWebapp_AuditHTTP_Audit.json | +| Automation | 
[Automation account variables should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json) | DP-5 | | | A.10.1.1 | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Automation/Automation_AuditUnencryptedVars_Audit.json | +| Azure Data Explorer | [Azure Data Explorer encryption at rest should use a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_CMK.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_CMK.json | +| Azure Data Explorer | [Disk encryption should be enabled on Azure Data Explorer](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_disk_encrypted.json | +| Azure Data Explorer | [Double encryption should be enabled on Azure Data Explorer](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Azure%20Data%20Explorer/ADX_doubleEncryption.json | +| Backup | [Azure Backup should be enabled for Virtual Machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json) | BR-2 | | | | | | 1699.09l1Organizational.10 - 09.l | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Backup/VirtualMachines_EnableAzureBackup_Audit.json | +| Cache | [Azure Cache for Redis should reside within a virtual 
network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_CacheInVnet_Audit.json) | NS-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_CacheInVnet_Audit.json | +| Cache | [Only secure connections to your Azure Cache for Redis should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json) | DP-4 | | | A.13.2.1 | 3.13.8 | SC-8 (1) | 0946.09y2Organizational.14 - 09.y | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cache/RedisCache_AuditSSLPort_Audit.json | +| Cognitive Services | [Cognitive Services accounts should enable data encryption with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_CustomerManagedKey_Audit.json) | DP-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_CustomerManagedKey_Audit.json | +| Cognitive Services | [Cognitive Services accounts should enable data encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_Encryption_Audit.json) | DP-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_Encryption_Audit.json | +| Cognitive Services | [Cognitive Services accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_NetworkAcls_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_NetworkAcls_Audit.json | +| Cognitive Services | 
[Cognitive Services accounts should use customer owned storage or enable data encryption.](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_BYOX_Audit.json) | DP-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_BYOX_Audit.json | +| Cognitive Services | [Public network access should be disabled for Cognitive Services accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cognitive%20Services/CognitiveServices_DisablePublicNetworkAccess_Audit.json | +| Compute | [Audit VMs that do not use managed disks](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json) | | 7.1 | | A.9.1.2 | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VMRequireManagedDisk_Audit.json | +| Compute | [Audit virtual machines without disaster recovery configured](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json) | | | | | | CP-7 | 1638.12b2Organizational.345 - 12.b | ESS-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/RecoveryServices_DisasterRecovery_Audit.json | +| Compute | [Microsoft Antimalware for Azure should be configured to automatically update protection signatures](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json) | | | | | | | 0201.09j1Organizational.124 - 09.j | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_AntiMalwareAutoUpdate_AuditIfNotExists.json | +| Compute | [Microsoft IaaSAntimalware extension should be deployed on Windows servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json) | | | | | 3.14.2 | | | SS-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/WindowsServers_AntiMalware_AuditIfNotExists.json | +| Compute | [Unattached disks should be encrypted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json) | | 7.3 | | | | | 0303.09o2Organizational.2 - 09.o | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/UnattachedDisk_Encryption_Audit.json | +| Compute | [Virtual machines should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json) | AM-3 | | | A.9.1.2 | | | 0835.09n1Organizational.1 - 09.n | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ClassicCompute_Audit.json | +| Container Registry | [Container registries should be encrypted with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_CMKEncryptionEnabled_Audit.json) | DP-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_CMKEncryptionEnabled_Audit.json | +| Container Registry | [Container registries should not allow unrestricted network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_NetworkRulesExist_Audit.json) | NS-1 | | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_NetworkRulesExist_Audit.json | +| Container Registry | [Container registries should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_PrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Container%20Registry/ACR_PrivateEndpointEnabled_Audit.json | +| Cosmos DB | [Azure Cosmos DB accounts should have firewall rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesExist_Audit.json) | NS-4 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_NetworkRulesExist_Audit.json | +| Cosmos DB | [Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_CMK_Deny.json) | DP-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Cosmos%20DB/Cosmos_CMK_Deny.json | +| Data Lake | [Require encryption on Data Lake Store accounts](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json) | | | | | | | 0304.09o3Organizational.1 - 09.o | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStoreEncryption_Deny.json | +| Event Grid | [Azure Event Grid domains should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Domains_PrivateEndpoint_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Domains_PrivateEndpoint_Audit.json | 
+| Event Grid | [Azure Event Grid topics should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Topics_PrivateEndpoint_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Grid/Topics_PrivateEndpoint_Audit.json | +| General | [Audit usage of custom RBAC rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json) | PA-7 | | | A.9.2.3 | | AC-2 (7) | 1230.09c2Organizational.1 - 09.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/Subscription_AuditCustomRBACRoles_Audit.json | +| General | [Custom subscription owner roles should not exist](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json) | PA-7 | 1.21 | | | | | 1278.09c2Organizational.56 - 09.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/CustomSubscription_OwnerRole_Audit.json | +| Key Vault | [Azure Key Vault Managed HSM should have purge protection enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_Recoverable_Audit.json) | | | | | | | 1635.12b1Organizational.2 - 12.b | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_Recoverable_Audit.json | +| Key Vault | [Key vaults should have purge protection enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json) | BR-4 | 8.4 | | | | | 1635.12b1Organizational.2 - 12.b | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_Recoverable_Audit.json | +| Key Vault | [Key vaults should have soft delete 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_SoftDeleteMustBeEnabled_Audit.json) | BR-4 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_SoftDeleteMustBeEnabled_Audit.json | +| Key Vault | [[Preview]: Firewall should be enabled on Key Vault](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultFirewallEnabled_Audit.json) | NS-4 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultFirewallEnabled_Audit.json | +| Key Vault | [[Preview]: Key Vault keys should have an expiration date](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_ExpirationSet.json) | | 8.1 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_ExpirationSet.json | +| Key Vault | [[Preview]: Key Vault secrets should have an expiration date](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Secrets_ExpirationSet.json) | | 8.2 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Secrets_ExpirationSet.json | +| Key Vault | [[Preview]: Private endpoint should be configured for Key Vault](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultPrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/AzureKeyVaultPrivateEndpointEnabled_Audit.json | +| Kubernetes | [Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your 
clusters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_AzurePolicyAddOn_Audit.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_AzurePolicyAddOn_Audit.json | +| Kubernetes | [Both operating systems and data disks in Azure Kubernetes Service clusters should be encrypted by customer-managed keys](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_CMK_Deny.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AKS_CMK_Deny.json | +| Machine Learning | [Azure Machine Learning workspaces should be encrypted with a customer-managed key](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_CMKEnabled_Audit.json) | DP-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_CMKEnabled_Audit.json | +| Machine Learning | [Azure Machine Learning workspaces should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_PrivateLinkEnabled_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Machine%20Learning/Workspace_PrivateLinkEnabled_Audit.json | +| Monitoring | [Activity log should be retained for at least one year](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLogRetention_365orGreater.json) | | | | | | | | AC-15 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLogRetention_365orGreater.json | +| Monitoring | [Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 
'action'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllCategories.json) | | | | | | | 1219.09ab3System.10 - 09.ab | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllCategories.json | +| Monitoring | [Azure Monitor should collect activity logs from all regions](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllRegions.json) | | | | | | | 1214.09ab2System.3456 - 09.ab | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_CaptureAllRegions.json | +| Monitoring | [Azure subscriptions should have a log profile for Activity Log](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Logprofile_activityLogs_Audit.json) | | | | | | | | AC-13 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Logprofile_activityLogs_Audit.json | +| Monitoring | [Storage account containing the container with activity logs must be encrypted with BYOK](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_StorageAccountBYOK_Audit.json) | | 5.1.4 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_StorageAccountBYOK_Audit.json | +| Monitoring | [The Log Analytics agent should be installed on Virtual Machine Scale Sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | 3.3.2 | | 1216.09ab3System.12 - 09.ab | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VMSS_LogAnalyticsAgent_AuditIfNotExists.json | +| Monitoring | [The Log Analytics agent should be installed on 
virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json) | | | | | 3.3.2 | | 1215.09ab2System.7 - 09.ab | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/VirtualMachines_LogAnalyticsAgent_AuditIfNotExists.json | +| Monitoring | [[Preview]: Log Analytics agent should be installed on your Linux Azure Arc machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Linux_LogAnalytics_Audit.json) | LT-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Linux_LogAnalytics_Audit.json | +| Monitoring | [[Preview]: Log Analytics agent should be installed on your Windows Azure Arc machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Windows_LogAnalytics_Audit.json) | LT-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/Arc_Windows_LogAnalytics_Audit.json | +| Monitoring | [[Preview]: Network traffic data collection agent should be installed on Linux virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Linux.json) | LT-3 | | | | | | 0885.09n2Organizational.3 - 09.n | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Linux.json | +| Monitoring | [[Preview]: Network traffic data collection agent should be installed on Windows virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Windows.json) | LT-3 | | | | | | 0887.09n2Organizational.5 - 09.n | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ASC_Dependency_Agent_Audit_Windows.json | +| Network | [App Service should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_AppService_AuditIfNotExists.json) | | | | | | | 0861.09m2Organizational.67 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_AppService_AuditIfNotExists.json | +| Network | [Cosmos DB should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_CosmosDB_Audit.json) | | | | | | | 0864.09m2Organizational.12 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_CosmosDB_Audit.json | +| Network | [Event Hub should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_EventHub_AuditIfNotExists.json) | | | | | | | 0863.09m2Organizational.910 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_EventHub_AuditIfNotExists.json | +| Network | [Flow log should be configured for every network security group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_FlowLog_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_FlowLog_Audit.json | +| Network | [Gateway subnets should not be configured with a network security 
group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroupOnGatewaySubnet_Deny.json) | | | | | | | 0894.01m2Organizational.7 - 01.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroupOnGatewaySubnet_Deny.json | +| Network | [Key Vault should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_KeyVault_Audit.json) | | | | | | | 0865.09m2Organizational.13 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_KeyVault_Audit.json | +| Network | [RDP access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json) | NS-4 | 6.1 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_RDPAccess_Audit.json | +| Network | [SQL Server should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_SQLServer_AuditIfNotExists.json) | | | | | | | 0862.09m2Organizational.8 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_SQLServer_AuditIfNotExists.json | +| Network | [SSH access from the Internet should be blocked](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json) | NS-4 | 6.2 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkSecurityGroup_SSHAccess_Audit.json | +| Network | [Service Bus should use a virtual network service 
endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ServiceBus_AuditIfNotExists.json) | | | | | | | 0860.09m1Organizational.9 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ServiceBus_AuditIfNotExists.json | +| Network | [Storage Accounts should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_StorageAccount_Audit.json) | | | | | | | 0867.09m3Organizational.17 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_StorageAccount_Audit.json | +| Network | [Web Application Firewall (WAF) should be enabled for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json) | NS-4 | | | | | | | NS-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayEnabled_Audit.json | +| Network | [Web Application Firewall (WAF) should be enabled for Azure Front Door Service service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json) | NS-4 | | | | | | | NS-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Enabled_Audit.json | +| Network | [[Preview]: All Internet traffic should be routed via your deployed Azure Firewall](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json) | NS-5 | | | | | | | NS-7 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ASC_All_Internet_traffic_should_be_routed_via_Azure_Firewall.json | +| Network | [[Preview]: Container Registry should use a virtual network service endpoint](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ContainerRegistry_Audit.json) | | | | | | | 0871.09m3Organizational.22 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/VirtualNetworkServiceEndpoint_ContainerRegistry_Audit.json | +| SQL | [Advanced data security should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json) | IR-5 | 4.2.1 | | | 3.14.6 | SI-4 | | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_AdvancedDataSecurity_Audit.json | +| SQL | [Advanced data security should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json) | | 4.2.1 | | | 3.14.6 | SI-4 | | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_AdvancedDataSecurity_Audit.json | +| SQL | [An Azure Active Directory administrator should be provisioned for SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json) | IM-1 | 4.4 | | A.9.2.3 | | AC-2 (7) | | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SQL_DB_AuditServerADAdmins_Audit.json | +| SQL | [Bring your own key data protection should be enabled for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableByok_Audit.json) 
| DP-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableByok_Audit.json | +| SQL | [Bring your own key data protection should be enabled for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableByok_Audit.json) | DP-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableByok_Audit.json | +| SQL | [Connection throttling should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_ConnectionThrottling_Enabled_Audit.json) | | 4.3.6 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_ConnectionThrottling_Enabled_Audit.json | +| SQL | [Disconnections should be logged for PostgreSQL database servers.](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogDisconnections_Audit.json) | | 4.3.5 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogDisconnections_Audit.json | +| SQL | [Enforce SSL connection should be enabled for MySQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json) | DP-4 | 4.3.1 | | | | | 0948.09y2Organizational.3 - 09.y | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnableSSL_Audit.json | +| SQL | [Enforce SSL connection should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json) | DP-4 | 4.3.2 | | | | | 0947.09y2Organizational.2 - 09.y | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableSSL_Audit.json | +| SQL | [Geo-redundant backup should be enabled for Azure Database for MariaDB](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json) | BR-2 | | | | | | 1627.09l3Organizational.6 - 09.l | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMariaDB_Audit.json | +| SQL | [Geo-redundant backup should be enabled for Azure Database for MySQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json) | BR-2 | | | | | | 1622.09l2Organizational.23 - 09.l | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForMySQL_Audit.json | +| SQL | [Geo-redundant backup should be enabled for Azure Database for PostgreSQL](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json) | BR-2 | | | | | | 1626.09l3Organizational.5 - 09.l | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_DBForPostgreSQL_Audit.json | +| SQL | [Infrastructure encryption should be enabled for Azure Database for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_InfrastructureEncryption_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_InfrastructureEncryption_Audit.json | +| SQL | [Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_InfrastructureEncryption_Audit.json) | | | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_InfrastructureEncryption_Audit.json | +| SQL | [Log checkpoints should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogCheckpoint_Audit.json) | | 4.3.3 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogCheckpoint_Audit.json | +| SQL | [Log connections should be enabled for PostgreSQL database servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogConnections_Audit.json) | | 4.3.4 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnableLogConnections_Audit.json | +| SQL | [Long-term geo-redundant backup should be enabled for Azure SQL Databases](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json) | BR-2 | | | | | | 1621.09l2Organizational.1 - 09.l | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/GeoRedundant_SQLDatabase_AuditIfNotExists.json | +| SQL | [Private endpoint connections on Azure SQL Database should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PrivateEndpoint_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PrivateEndpoint_Audit.json | +| SQL | [Private endpoint should be enabled for MariaDB servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_EnablePrivateEndPoint_Audit.json) | NS-3 | | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_EnablePrivateEndPoint_Audit.json | +| SQL | [Private endpoint should be enabled for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnablePrivateEndPoint_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_EnablePrivateEndPoint_Audit.json | +| SQL | [Private endpoint should be enabled for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnablePrivateEndPoint_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_EnablePrivateEndPoint_Audit.json | +| SQL | [Public network access on Azure SQL Database should be disabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_PublicNetworkAccess_Audit.json | +| SQL | [Public network access should be disabled for MariaDB servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MariaDB_DisablePublicNetworkAccess_Audit.json | +| SQL | [Public network access should be disabled for MySQL flexible servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json | +| SQL | [Public 
network access should be disabled for MySQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/MySQL_DisablePublicNetworkAccess_Audit.json | +| SQL | [Public network access should be disabled for PostgreSQL flexible servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_FlexibleServers_DisablePublicNetworkAccess_Audit.json | +| SQL | [Public network access should be disabled for PostgreSQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_DisablePublicNetworkAccess_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/PostgreSQL_DisablePublicNetworkAccess_Audit.json | +| SQL | [SQL managed instances should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | DP-5 | 4.5 | | | | | 0304.09o3Organizational.1 - 09.o | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlManagedInstance_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json | +| SQL | [SQL servers should be configured with 90 days auditing retention or higher](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditingRetentionDays_Audit.json) | | 4.1.3 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditingRetentionDays_Audit.json | +| SQL 
| [SQL servers should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json) | DP-5 | 4.5 | | | | | 0304.09o3Organizational.1 - 09.o | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_EnsureServerTDEisEncryptedWithYourOwnKey_Audit.json | +| SQL | [Transparent Data Encryption on SQL databases should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json) | DP-5 | 4.1.2 | | A.10.1.1 | 3.13.16 | SC-28 (1) | 0301.09o1Organizational.123 - 09.o | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlDBEncryption_Audit.json | +| SQL | [Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json) | | 4.2.4 | | | | | | ISM-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServer_VulnerabilityAssessmentEmails_Audit.json | +| SQL | [Vulnerability assessment should be enabled on SQL Managed Instance](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json) | PV-6 | 4.2.2 | | | | | 0719.10m3Organizational.5 - 10.m | ISM-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnManagedInstance_Audit.json | +| SQL | [Vulnerability assessment should be enabled on your SQL servers](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json) | PV-6 | 4.2.2 | | | | | 0709.10m1Organizational.1 - 10.m | ISM-3 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/VulnerabilityAssessmentOnServer_Audit.json | +| Security Center | [A maximum of 3 owners should be designated for your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json) | PA-1 | | | A.6.1.2 | 3.1.4 | AC-6 (7) | 11112.01q2Organizational.67 - 01.q | AC-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateLessThanXOwners_Audit.json | +| Security Center | [A vulnerability assessment solution should be enabled on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json) | PV-6 | | | A.12.6.1 | 3.14.1 | SI-2 | 0711.10m2Organizational.23 - 10.m | ISM-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ServerVulnerabilityAssessment_Audit.json | +| Security Center | [Adaptive application controls for defining safe applications should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json) | AM-6 | | | A.12.6.2 | 3.4.9 | CM-11 | 0607.10h2System.23 - 10.h | SS-4 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControls_Audit.json | +| Security Center | [Adaptive network hardening recommendations should be applied on internet facing virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json) | NS-4 | | | | 3.13.5 | SC-7 | 0859.09m1Organizational.78 - 09.m | NS-2 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveNetworkHardenings_Audit.json | +| Security Center | [All network ports should be restricted on network security groups associated to your virtual machine](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json) | | | | A.13.1.1 | 3.13.5 | SC-7 | 0858.09m1Organizational.4 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnprotectedEndpoints_Audit.json | +| Security Center | [Allowlist rules in your adaptive application control policy should be updated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControlsUpdate_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_AdaptiveApplicationControlsUpdate_Audit.json | +| Security Center | [Authorized IP ranges should be defined on Kubernetes Services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableIpRanges_KubernetesService_Audit.json) | NS-4 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableIpRanges_KubernetesService_Audit.json | +| Security Center | [Auto provisioning of the Log Analytics agent should be enabled on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json) | LT-5 | 2.11 | | | | | 1220.09ab3System.56 - 09.ab | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Automatic_provisioning_log_analytics_monitoring_agent.json | +| Security Center | [Azure 
DDoS Protection Standard should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json) | NS-4 | | | | | SC-5 | | NS-5 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableDDoSProtection_Audit.json | +| Security Center | [Azure Defender for App Service should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json) | IR-5 | 2.2 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnAppServices_Audit.json | +| Security Center | [Azure Defender for Azure SQL Database servers should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json) | IR-5 | 2.3 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServers_Audit.json | +| Security Center | [Azure Defender for Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json) | IR-5 | 2.8 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKeyVaults_Audit.json | +| Security Center | [Azure Defender for Kubernetes should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json) | IR-5 | 2.6 | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnKubernetesService_Audit.json | +| Security Center | [Azure Defender for SQL servers on machines should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json) | IR-5 | 2.4 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedDataSecurityOnSqlServerVirtualMachines_Audit.json | +| Security Center | [Azure Defender for Storage should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json) | IR-5 | 2.5 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnStorageAccounts_Audit.json | +| Security Center | [Azure Defender for container registries should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json) | IR-5 | 2.7 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnContainerRegistry_Audit.json | +| Security Center | [Azure Defender for servers should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json) | ES-1 | 2.1 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableAdvancedThreatProtectionOnVM_Audit.json | +| Security Center | [Deprecated accounts should be removed from your 
subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json) | PA-3 | | | A.9.2.6 | 3.1.1 | AC-2 | | AC-5 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccounts_Audit.json | +| Security Center | [Deprecated accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json) | PA-3 | | | A.9.2.6 | 3.1.1 | AC-2 | 1147.01c2System.456 - 01.c | AC-5 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveDeprecatedAccountsWithOwnerPermissions_Audit.json | +| Security Center | [Disk encryption should be applied on virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json) | DP-5 | 7.2 | | A.10.1.1 | 3.13.16 | SC-28 (1) | 0302.09o2Organizational.1 - 09.o | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UnencryptedVMDisks_Audit.json | +| Security Center | [Email notification for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json) | IR-2 | 2.14 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json | +| Security Center | [Email notification to subscription owner for high severity alerts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json) | IR-2 | | | | 3.14.6 | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification_to_subscription_owner.json | +| Security Center | [Endpoint protection solution should be installed on virtual machine scale sets](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json) | ES-3 | | | | 3.14.2 | SI-3 (1) | 0201.09j1Organizational.124 - 09.j | DM-4 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingEndpointProtection_Audit.json | +| Security Center | [External accounts with owner permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json) | PA-3 | 1.3 | | A.9.2.5 | 3.1.1 | AC-2 | 1146.01c2System.23 - 01.c | PRS-5 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWithOwnerPermissions_Audit.json | +| Security Center | [External accounts with read permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json) | PA-3 | 1.3 | | | 3.1.1 | AC-2 | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsReadPermissions_Audit.json | +| Security Center | [External accounts with write permissions should be removed from your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json) | PA-3 | 1.3 | | A.9.2.5 | 3.1.1 | AC-2 | | PRS-5 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_RemoveExternalAccountsWritePermissions_Audit.json | +| Security Center | [Guest Configuration extension should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVm.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVm.json | +| Security Center | [IP Forwarding on your virtual machine should be disabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_IPForwardingOnVirtualMachines_Audit.json) | NS-4 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_IPForwardingOnVirtualMachines_Audit.json | +| Security Center | [Internet-facing virtual machines should be protected with network security groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json) | NS-4 | | | | 3.13.5 | | 0814.01n1Organizational.12 - 01.n | NS-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternetFacingVirtualMachines_Audit.json | +| Security Center | [Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json) | PV-7 | | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UpgradeVersion_KubernetesService_Audit.json | +| Security Center | [Log Analytics agent health issues should be resolved on your 
machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ResolveLaHealthIssues.json) | LT-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ResolveLaHealthIssues.json | +| Security Center | [Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVm.json) | LT-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVm.json | +| Security Center | [Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVmss.json) | LT-5 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_InstallLaAgentOnVmss.json | +| Security Center | [MFA should be enabled accounts with write permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json) | IM-4 | 1.1 | | A.9.4.2 | 3.5.3 | IA-2 (1) | 11110.01q1Organizational.6 - 01.q | AC-17 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForWritePermissions_Audit.json | +| Security Center | [MFA should be enabled on accounts with owner permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json) | IM-4 | 1.1 | | A.9.4.2 | 3.5.3 | IA-2 (1) | 11109.01q1Organizational.57 - 01.q | AC-17 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForOwnerPermissions_Audit.json | +| Security Center | [MFA should be enabled on accounts with read permissions on your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json) | IM-4 | 1.2 | | A.9.4.2 | 3.5.3 | IA-2 (2) | 11111.01q2System.4 - 01.q | AC-17 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableMFAForReadPermissions_Audit.json | +| Security Center | [Management ports of virtual machines should be protected with just-in-time network access control](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json) | NS-4 | | | | | SC-7 (4) Ownership : Microsoft | 0858.09m1Organizational.4 - 09.m | AC-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_JITNetworkAccess_Audit.json | +| Security Center | [Management ports should be closed on your virtual machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OpenManagementPortsOnVirtualMachines_Audit.json) | NS-1 | | | | | | 1193.01l2Organizational.13 - 01.l | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OpenManagementPortsOnVirtualMachines_Audit.json | +| Security Center | [Monitor missing Endpoint Protection in Azure Security Center](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json) | ES-3 | 7.6 | | A.12.6.1 | 3.14.2 | SI-3 (1) | 0201.09j1Organizational.124 - 09.j | DM-4 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingEndpointProtection_Audit.json | +| Security Center | [Non-internet-facing virtual machines should be protected with network security groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternalVirtualMachines_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnInternalVirtualMachines_Audit.json | +| Security Center | [Role-Based Access Control (RBAC) should be used on Kubernetes Services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json) | PA-7 | 8.5 | | | | | 1229.09c1Organizational.1 - 09.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_EnableRBAC_KubernetesService_Audit.json | +| Security Center | [Security Center standard pricing tier should be selected](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Standard_pricing_tier.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Standard_pricing_tier.json | +| Security Center | [Service principals should be used to protect your subscriptions instead of management certificates](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UseServicePrincipalToProtectSubscriptions.json) | IM-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_UseServicePrincipalToProtectSubscriptions.json | +| Security Center | [Subnets should be associated with a Network Security 
Group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json) | NS-4 | | | | | | 0814.01n1Organizational.12 - 01.n | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_NetworkSecurityGroupsOnSubnets_Audit.json | +| Security Center | [Subscriptions should have a contact email address for security issues](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json) | IR-2 | 2.13 | | | 3.14.6 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_Security_contact_email.json | +| Security Center | [System updates on virtual machine scale sets should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json) | PV-7 | | | | 3.14.1 | SI-2 | 1202.09aa1System.1 - 09.aa | PRS-5 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssMissingSystemUpdates_Audit.json | +| Security Center | [System updates should be installed on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json) | PV-7 | 7.5 | | A.12.6.1 | 3.14.1 | SI-2 | 0201.09j1Organizational.124 - 09.j | PRS-5 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_MissingSystemUpdates_Audit.json | +| Security Center | [There should be more than one owner assigned to your subscription](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json) | PA-1 | | | A.6.1.2 | 3.1.4 | AC-6 (7) | 11208.01q1Organizational.8 - 01.q | AC-2 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_DesignateMoreThanOneOwner_Audit.json | +| Security Center | [Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVmWithNoSAMI.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_GCExtOnVmWithNoSAMI.json | +| Security Center | [Vulnerabilities in Azure Container Registry images should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerRegistryVulnerabilityAssessment_Audit.json) | PV-6 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerRegistryVulnerabilityAssessment_Audit.json | +| Security Center | [Vulnerabilities in container security configurations should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json) | PV-4 | | | | 3.11.2 | | 0715.10m2Organizational.8 - 10.m | ISM-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_ContainerBenchmark_Audit.json | +| Security Center | [Vulnerabilities in security configuration on your machines should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json) | PV-4 | | | A.12.6.1 | 3.14.1 | SI-2 | 0718.10m3Organizational.34 - 10.m | ISM-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_OSVulnerabilities_Audit.json | +| Security Center | [Vulnerabilities in security configuration on your virtual machine 
scale sets should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json) | PV-4 | | | | 3.14.1 | SI-2 | 0717.10m3Organizational.2 - 10.m | ISM-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_VmssOSVulnerabilities_Audit.json | +| Security Center | [Vulnerabilities on your SQL databases should be remediated](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json) | PV-6 | | | A.12.6.1 | 3.14.1 | SI-2 | 0716.10m3Organizational.1 - 10.m | ISM-3 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbVulnerabilities_Audit.json | +| Security Center | [[Preview]: Sensitive data in your SQL databases should be classified](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbDataClassification_Audit.json) | DP-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Security%20Center/ASC_SQLDbDataClassification_Audit.json | +| Service Fabric | [Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json) | DP-5 | | | A.10.1.1 | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditClusterProtectionLevel_Audit.json | +| Service Fabric | [Service Fabric clusters should only use Azure Active Directory for client authentication](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json) | IM-1 | | | A.9.2.3 | | AC-2 (7) | | 
AC-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Fabric/ServiceFabric_AuditADAuth_Audit.json | +| SignalR | [Azure SignalR Service should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SignalR/SignalR_PrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SignalR/SignalR_PrivateEndpointEnabled_Audit.json | +| Storage | [Secure transfer to storage accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json) | DP-4 | 3.1 | | A.13.2.1 | 3.13.8 | SC-8 (1) | 0943.09y1Organizational.1 - 09.y | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_AuditForHTTPSEnabled_Audit.json | +| Storage | [Storage account should use a private link connection](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountPrivateEndpointEnabled_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountPrivateEndpointEnabled_Audit.json | +| Storage | [Storage accounts should allow access from trusted Microsoft services](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccess_TrustedMicrosoftServices_Audit.json) | | 3.7 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccess_TrustedMicrosoftServices_Audit.json | +| Storage | [Storage accounts should be migrated to new Azure Resource Manager resources](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json) | AM-3 | | | A.9.1.2 | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Classic_AuditForClassicStorages_Audit.json | +| Storage | [Storage accounts should have infrastructure encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountInfrastructureEncryptionEnabled_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountInfrastructureEncryptionEnabled_Audit.json | +| Storage | [Storage accounts should restrict network access using virtual network rules](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountOnlyVnetRulesEnabled_Audit.json) | NS-1 | 3.6 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountOnlyVnetRulesEnabled_Audit.json | +| Storage | [Storage accounts should restrict network access](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json) | NS-4 | 3.6 | | A.13.1.1 | 3.13.5 | SC-7 | 0866.09m3Organizational.1516 - 09.m | NS-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/Storage_NetworkAcls_Audit.json | +| Storage | [Storage accounts should use customer-managed key for encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json) | DP-5 | 3.9 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/StorageAccountCustomerManagedKeyEnabled_Audit.json | +| Storage | [[Preview]: Storage account public access should be disallowed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json) | DP-2 | 5.1.3 | | | | | | NS-2 | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Storage/ASC_Storage_DisallowPublicBlobAccess_Audit.json | +| Stream Analytics | [Azure Stream Analytics jobs should use customer-managed keys to encrypt data](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_CMK_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_CMK_Audit.json | +| Synapse | [Azure Synapse workspaces should use customer-managed keys to encrypt data at rest](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Synapse/SynapseWorkspaceCMK_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Synapse/SynapseWorkspaceCMK_Audit.json | +| VM Image Builder | [VM Image Builder templates should use private link](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/VM%20Image%20Builder/PrivateLinkEnabled_Audit.json) | NS-3 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/VM%20Image%20Builder/PrivateLinkEnabled_Audit.json | \ No newline at end of file diff --git a/docs/params-optional.csv b/docs/params-optional.csv index 0b5cd70..caf743a 100644 --- a/docs/params-optional.csv +++ b/docs/params-optional.csv 
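Review bot: the two NIST columns in these docs/no-params.md rows appear transposed relative to the CSV header used elsewhere in this patch (`...,NIST SP 800-53 R4,NIST SP 800-171 R2,...`): in every row that has both values the 800-171 identifier comes first and the 800-53 identifier second, e.g. `| 3.13.16 | SC-28 (1) |` on the disk-encryption row, `| 3.14.1 | SI-2 |` on the system-updates rows and `| 3.1.1 | AC-2 |` on the deprecated-accounts and external-accounts rows. Confirm that the markdown table header lists those two columns in the same order as the CSV, or swap the values in the generator; otherwise a reader mapping a policy to a control will cite the wrong standard. Two smaller points in the same hunk: the just-in-time row carries `SC-7 (4) Ownership : Microsoft` where every other cell is a bare control ID, so the `Ownership : ...` suffix should be stripped the same way the `ID : ` prefix was stripped from the HITRUST cells; and each row prints the definition URL twice, once as the link target in the Policy Definition cell and again as the last column, so one of the two can be dropped from the markdown output. The file is also written without a trailing newline (`\ No newline at end of file`); have the generator terminate the file with `\n` so later diffs stay clean.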
@@ -1,139 +1,57 @@ -Service,Policy Definition,Azure Security Benchmark,CIS,CCMC L3,ISO 27001,NIST SP 800-53 R4,NIST SP 800-171 R2,HIPAA HITRUST 9.2,New Zealand ISM,Policy Link +Service,Policy Definition,Azure Security Benchmark,CIS,CCMC L3,ISO 27001,NIST SP 800-53 R4,NIST SP 800-171 R2,HIPAA HITRUST 9.2,New Zealand ISM,Link API Management,API Management services should use a virtual network,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json App Platform,Azure Spring Cloud should use network injection,NS-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",,9.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java 
version' is the latest, if used as a part of the Function app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",,9.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",,9.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as 
a part of the API app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",,9.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",,9.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API 
app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",,9.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",,9.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part 
of the Web app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",,9.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -Batch,Resource logs in Batch accounts should be enabled,,,,,,,ID : 1205.09aa2System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json -Batch,Resource logs in Batch accounts should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json -Batch,Resource logs in Batch accounts should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json +App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",PV-7,9.8,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json +App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",PV-7,9.8,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json +App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web 
app",PV-7,9.8,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json +App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",PV-7,9.6,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json +App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",PV-7,9.6,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json +App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",PV-7,9.7,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json +App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",PV-7,9.7,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json +App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",PV-7,9.7,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json +Batch,Resource logs in Batch accounts should be enabled,LT-4,5.3,,,,,1205.09aa2System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json Compute,Only approved VM extensions should be installed,,7.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json -Compute,Resource logs in Virtual Machine Scale Sets should be enabled,,,,,,,ID : 1206.09aa2System.23 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json -Compute,Resource logs in Virtual Machine Scale Sets should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json -Compute,Resource logs in Virtual Machine Scale Sets should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json +Compute,Resource logs in Virtual Machine Scale Sets should be enabled,LT-4,5.3,,,,,1206.09aa2System.23 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json Data Box,Azure Data Box jobs should enable double encryption for data at rest on the device,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json -Data Lake,Resource logs in Azure Data Lake Store should be enabled,,,,,,,ID : 1202.09aa1System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Azure Data Lake Store should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Azure Data Lake Store should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Data Lake Analytics should be enabled,,,,,,,ID : 1210.09aa3System.3 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Data Lake Analytics should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Data Lake Analytics should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json -Event Hub,Resource logs in Event Hub should be enabled,,,,,,,ID : 1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json -Event Hub,Resource logs in Event Hub should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json -Event Hub,Resource logs in Event Hub should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json +Data Lake,Resource logs in Azure Data Lake Store should be enabled,LT-4,5.3,,,,,1202.09aa1System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json +Data Lake,Resource logs in Data Lake Analytics should be enabled,LT-4,5.3,,,,,1210.09aa3System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json +Event Hub,Resource logs in Event Hub should be enabled,LT-4,5.3,,,,,1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json General,Allowed 
locations,,,,,,,,ESS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json General,Allowed locations for resource groups,,,,,,,,ESS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,,,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,,3.1.12,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,AC-17 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines 
that do not have the passwd file permissions set to 0644,,,,,,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,,IA-5,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,A.9.2.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,,,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,,3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,IA-5,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest 
Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,,,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,,ID : 1127.01q2System.3 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,3.1.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,AC-6 (7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines on which the Log Analytics agent is not connected as expected,,,,,,,ID : 1217.09ab3System.3 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 
passwords,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,,,3.5.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that do not contain the specified certificates in Trusted Root,,,,,,,ID : 0945.09y1Organizational.3 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json -Guest Configuration,Audit Windows machines that do not have a maximum password age of 70 days,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have a maximum password age of 70 days,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have a minimum password age of 1 day,,,,,IA-5 
(1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have a minimum password age of 1 day,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,,,3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 
characters,,,,,,3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,,,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that have extra accounts in the Administrators 
group,,,,,,,,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json -Guest Configuration,Audit Windows machines that have extra accounts in the Administrators group,,,,,,,ID : 1123.01q1System.2 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,,,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,,ID : 1125.01q2System.1 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,3.1.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,AC-6 (7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Windows Defender Exploit 
Guard should be enabled on your machines,,,,,,,,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json -Guest Configuration,Windows Defender Exploit Guard should be enabled on your machines,ES-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Accounts',,,,,,,ID : 1148.01c2System.78 - 01.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Audit',,,,,,,ID : 0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Microsoft Network Server',,,,,,,ID : 0709.10m1Organizational.1 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Access',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Access',,,,,,,ID : 0861.09m2Organizational.67 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json -Guest 
Configuration,Windows machines should meet requirements for 'Security Options - Network Security',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json +Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,A.9.1.2,AC-17 (1),3.1.12,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json +Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,A.9.2.4,IA-5,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json +Guest Configuration,Audit Linux machines that have accounts without passwords,,,,A.9.1.2,IA-5,3.5.7,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json +Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,AC-6 (7),3.1.4,1127.01q2System.3 - 01.q,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json +Guest Configuration,Audit Windows machines on which the Log Analytics agent is not connected as expected,,,,,,,1217.09ab3System.3 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json +Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,A.9.4.3,IA-5 
(1),3.5.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json +Guest Configuration,Audit Windows machines that do not contain the specified certificates in Trusted Root,,,,,,,0945.09y1Organizational.3 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json +Guest Configuration,Audit Windows machines that do not have a maximum password age of 70 days,,,,A.9.4.3,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json +Guest Configuration,Audit Windows machines that do not have a minimum password age of 1 day,,,,A.9.4.3,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json +Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,A.9.4.3,IA-5 (1),3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json +Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,A.9.4.3,IA-5 (1),3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json +Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,A.10.1.1,IA-5 (1),3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json +Guest Configuration,Audit Windows machines that have extra accounts in the 
Administrators group,,,,,,,1123.01q1System.2 - 01.q,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json +Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,AC-6 (7),3.1.4,1125.01q2System.1 - 01.q,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json +Guest Configuration,Windows Defender Exploit Guard should be enabled on your machines,ES-2,,,,,,,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Accounts',,,,,,,1148.01c2System.78 - 01.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Audit',,,,,,,0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Microsoft Network Server',,,,,,,0709.10m1Organizational.1 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Access',,,,,,,0861.09m2Organizational.67 - 
09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Security',,,,,,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Recovery console',,,,,,,ID : 1637.12b2Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - User Account Control',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - User Account Control',,,,,,,ID : 1277.09c2Organizational.4 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Recovery console',,,,,,,1637.12b2Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - User Account Control',,,,,,,1277.09c2Organizational.4 - 
09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json Guest Configuration,Windows machines should meet requirements for 'Security Settings - Account Policies',,,,,,,,AC-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json -Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Account Management',,,,,,,ID : 0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json -Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking',,,,,,,ID : 0644.10k3Organizational.4 - 10.k,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json +Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Account Management',,,,,,,0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json +Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking',,,,,,,0644.10k3Organizational.4 - 10.k,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Policy 
Change',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Privilege Use',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json -Guest Configuration,Windows machines should meet requirements for 'User Rights Assignment',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json -Guest Configuration,Windows machines should meet requirements for 'User Rights Assignment',,,,,,,ID : 1232.09c3Organizational.12 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Windows Firewall Properties',,,,,,,ID : 0858.09m1Organizational.4 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication 
protocols,,,,,,3.13.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,,,,,SC-8 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json +Guest Configuration,Windows machines should meet requirements for 'User Rights Assignment',,,,,,,1232.09c3Organizational.12 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Windows Firewall Properties',,,,,,,0858.09m1Organizational.4 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json +Guest Configuration,Windows web servers should be configured to use secure communication protocols,DP-4,,,,SC-8 (1),3.13.8,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json Guest Configuration,[Preview]: Linux machines should meet requirements for the Azure security baseline,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json -Internet of Things,Resource logs in IoT Hub should be 
enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Internet of Things,Resource logs in IoT Hub should be enabled,,,,,,,ID : 1204.09aa1System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Internet of Things,Resource logs in IoT Hub should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Internet of Things,Resource logs in IoT Hub should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Azure Key Vault Managed HSM should be enabled,,,,,,,ID : 1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Key Vault should be enabled,,,,,,,ID : 1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Key Vault should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Key Vault should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json +Internet of Things,Resource logs in IoT Hub should be enabled,LT-4,5.3,,,,,1204.09aa1System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json +Key 
Vault,Resource logs in Azure Key Vault Managed HSM should be enabled,,,,,,,1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json +Key Vault,Resource logs in Key Vault should be enabled,LT-4,5.3,,,,,1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json Key Vault,[Preview]: Certificates using RSA cryptography should have the specified minimum key size,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json Key Vault,[Preview]: Keys should be the specified cryptographic type RSA or EC,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json Key Vault,[Preview]: Keys using RSA cryptography should have a specified minimum key size,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json 
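Review bot: this hunk is not a pure de-duplication, it also changes the value format of the HIPAA HITRUST 9.2 column by dropping the `ID : ` prefix (`-Internet of Things,Resource logs in IoT Hub should be enabled,,,,,,,ID : 1204.09aa1System.3 - 09.aa,,` becomes `+Internet of Things,Resource logs in IoT Hub should be enabled,LT-4,5.3,,,,,1204.09aa1System.3 - 09.aa,,`), which anything consuming this CSV by column value will notice; either keep the prefix or state the format change explicitly. The collapse itself checks out: the three IoT Hub rows (LT-4, 5.3, HITRUST) and the three Key Vault rows each become one row with the values in the same column positions, and the Managed HSM row keeps its single HITRUST mapping. The unchanged `[Preview]` Key Vault rows that follow have no mapping in any framework column, so once the blank placeholder rows are gone it would help to document that an all-blank row means no framework maps that control rather than a failed lookup.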
@@ -149,60 +67,23 @@ Kubernetes,Kubernetes cluster containers should only use allowed capabilities,PV Kubernetes,Kubernetes cluster containers should run with a read only root file system,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json Kubernetes,Kubernetes cluster pod hostPath volumes should only use allowed host paths,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json Kubernetes,Kubernetes cluster pods and containers should only run with approved user and group IDs,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json -Kubernetes,Kubernetes cluster pods should only use approved host network and port range,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json Kubernetes,Kubernetes cluster pods should only use approved host network and port range,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json Kubernetes,Kubernetes clusters should be accessible only over HTTPS,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json Kubernetes,Kubernetes clusters should not allow container privilege escalation,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json -Logic Apps,Resource logs in Logic Apps should be enabled,,,,,,,ID : 1203.09aa1System.2 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json -Logic Apps,Resource logs in Logic Apps should be 
enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json -Logic Apps,Resource logs in Logic Apps should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json -Monitoring,An activity log alert should exist for specific Administrative operations,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json -Monitoring,An activity log alert should exist for specific Administrative operations,,,,,,,ID : 1271.09ad1System.1 - 09.ad,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json -Monitoring,An activity log alert should exist for specific Administrative operations,,5.2.9,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json -Monitoring,An activity log alert should exist for specific Policy operations,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json +Logic Apps,Resource logs in Logic Apps should be enabled,LT-4,5.3,,,,,1203.09aa1System.2 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json +Monitoring,An activity log alert should exist for specific Administrative operations,,5.2.9,,,,,1271.09ad1System.1 - 09.ad,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json Monitoring,An activity log alert should exist for specific Policy 
operations,,5.2.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json -Monitoring,An activity log alert should exist for specific Security operations,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json Monitoring,An activity log alert should exist for specific Security operations,,5.2.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json Monitoring,Audit Dependency agent deployment - VM Image (OS) unlisted,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json Monitoring,Audit Dependency agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,,,,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,,,3.3.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) 
unlisted,,,,,SI-4,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,,,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,,3.3.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,SI-4,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit diagnostic setting,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,,,,ID : 1210.09aa3System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic 
setting,,,,,,3.3.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,,AU-12,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Network,Network Watcher should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,,,,,,,ID : 0888.09n2Organizational.6 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,,,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,,6.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,LT-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Virtual machines should be connected to an approved virtual network,,,,,,,ID : 0814.01n1Organizational.12 - 01.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json -Network,Web Application Firewall (WAF) should use the specified mode for Application Gateway,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json +Monitoring,Audit Log Analytics agent deployment 
in virtual machine scale sets - VM Image (OS) unlisted,,,,A.12.4.4,SI-4,3.3.2,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json +Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,SI-4,3.3.2,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json +Monitoring,Audit diagnostic setting,,,,A.12.4.4,AU-12,3.3.4,1210.09aa3System.3 - 09.aa,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json +Network,Network Watcher should be enabled,LT-3,6.5,,,,3.14.6,0888.09n2Organizational.6 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json +Network,Virtual machines should be connected to an approved virtual network,,,,,,,0814.01n1Organizational.12 - 01.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json Network,Web Application Firewall (WAF) should use the specified mode for Application Gateway,,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json -Network,Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json Network,Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service,,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json -SQL,Auditing on SQL server should be 
enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,,,,ID : 1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,,,3.3.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,,AU-12,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,4.1.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -Search,Resource logs in Search services should be enabled,,,,,,,ID : 1208.09aa3System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json -Search,Resource logs in Search services should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json -Search,Resource logs in Search services should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json -Service Bus,Resource logs in Service Bus should be enabled,,,,,,,ID : 1208.09aa3System.1 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json -Service Bus,Resource logs in Service Bus should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json -Service Bus,Resource logs in Service Bus should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json -Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,,,,,,,ID : 1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json -Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json -Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json +SQL,Auditing on SQL server should be enabled,LT-4,4.1.1,,A.12.4.4,AU-12,3.3.4,1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json +Search,Resource logs in Search services should be enabled,LT-4,5.3,,,,,1208.09aa3System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json +Service Bus,Resource logs in Service Bus should be enabled,LT-4,5.3,,,,,1208.09aa3System.1 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json +Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,LT-4,5.3,,,,,1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json diff --git a/docs/params-optional.md b/docs/params-optional.md index ab3db50..cdb4cc5 100644 --- a/docs/params-optional.md +++ b/docs/params-optional.md 
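Review bot: the de-duplication in this hunk deletes the all-blank first row that the old one-row-per-mapping layout emitted for each policy (e.g. `-Kubernetes,Kubernetes cluster pods should only use approved host network and port range,,,,,,,,,`), so after this change a policy with no mapping at all will appear as a single all-blank row that is indistinguishable from the old placeholder; a comment in the generator or a line in the docs should say which meaning applies. Column alignment on the merged rows is correct: `+Network,Network Watcher should be enabled,LT-3,6.5,,,,3.14.6,0888.09n2Organizational.6 - 09.n,,` keeps LT-3 under Azure Security Benchmark, 6.5 under CIS, 3.14.6 under NIST SP 800-171 R2 and the HITRUST ID in its own column, matching the five removed Network Watcher rows, and the SQL row merges all six removed mappings the same way. None of the fields are quoted, though; the generator should write this file through a CSV writer that quotes on demand, because the HITRUST values already carry spaces and hyphens and a display name or control ID containing a comma would silently shift every column after it.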
@@ -1,209 +1,90 @@ -| Service | Policy Definition | Azure Security Benchmark | CIS | CCMC L3 | ISO 27001 | NIST SP 800-53 R4 | NIST SP 800-171 R2 | HIPAA HITRUST 9.2 | New Zealand ISM | -|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|-------|-----------|-------------|---------------------|----------------------|----------------------------------------|-------------------| -| API Management | [API Management services should use a virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json) | NS-1 | | | | | | | | -| App Platform | [Azure Spring Cloud should use network injection](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json) | NS-2 | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | | 9.8 | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API 
app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | | 9.8 | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | | 
9.8 | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | | 9.6 | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB 
app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | | 9.6 | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | | 9.7 | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | | | | 
| | 3.14.1 | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | | 9.7 | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | | 9.7 | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | PV-7 | | | | | | | | -| Batch | [Resource logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1205.09aa2System.1 - 09.aa | | -| Batch | [Resource logs in Batch accounts should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Batch | [Resource logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Compute | [Only approved VM extensions should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json) | | 7.4 | | | | | | | -| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | | | | | | | ID : 1206.09aa2System.23 - 09.aa | | -| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | | 5.3 | | | | | | | -| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | LT-4 | | | | | | | | -| Data Box | [Azure Data Box jobs should enable double encryption for data at rest on the device](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json) | | | | | | | | | -| Data Lake | [Resource logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1202.09aa1System.1 - 09.aa | | -| Data Lake | [Resource logs in Azure Data Lake Store should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Data Lake | [Resource logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1210.09aa3System.3 - 09.aa | | -| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Event Hub | [Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1207.09aa2System.4 - 09.aa | | -| Event Hub | [Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Event Hub | [Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| General | [Allowed locations for resource 
groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json) | | | | | | | | ESS-2 | -| General | [Allowed locations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json) | | | | | | | | ESS-2 | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | | | | AC-2 | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | | 3.1.12 | | | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | AC-17 (1) | | | | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | A.9.1.2 | | | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 
0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | | | 3.5.10 | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | | IA-5 | | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | A.9.2.4 | | | | | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | | | | AC-2 | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | | 3.5.7 | | | -| Guest Configuration | [Audit Linux machines that have accounts without 
passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | IA-5 | | | | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | A.9.1.2 | | | | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | | | AC-9 | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | | ID : 1127.01q2System.3 - 01.q | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | 3.1.4 | | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | 
| | AC-6 (7) | | | | -| Guest Configuration | [Audit Windows machines on which the Log Analytics agent is not connected as expected](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json) | | | | | | | ID : 1217.09ab3System.3 - 09.ab | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | | | 3.5.8 | | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not contain the specified certificates in Trusted Root](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json) | | | | | | | ID : 0945.09y1Organizational.3 - 09.y | | -| Guest Configuration | [Audit Windows machines that do not have a maximum password age of 70 
days](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not have a maximum password age of 70 days](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not have a minimum password age of 1 day](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not have a minimum password age of 1 day](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | | | 3.5.7 | | | -| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not 
have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | | | 3.5.7 | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | 
| | | 3.5.10 | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | A.10.1.1 | | | | | -| Guest Configuration | [Audit Windows machines that have extra accounts in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json) | | | | | | | | AC-9 | -| Guest Configuration | [Audit Windows machines that have extra accounts in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json) | | | | | | | ID : 1123.01q1System.2 - 01.q | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | | | AC-9 | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators 
group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | | ID : 1125.01q2System.1 - 01.q | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | 3.1.4 | | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | AC-6 (7) | | | | -| Guest Configuration | [Windows Defender Exploit Guard should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json) | | | | | | | | DM-4 | -| Guest Configuration | [Windows Defender Exploit Guard should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json) | ES-2 | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Accounts'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json) | | | | | | | ID : 1148.01c2System.78 - 01.c | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Audit'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json) | | | | | | | 
ID : 0605.10h1System.12 - 10.h | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Microsoft Network Server'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json) | | | | | | | ID : 0709.10m1Organizational.1 - 10.m | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Access'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Access'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json) | | | | | | | ID : 0861.09m2Organizational.67 - 09.m | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Security'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Security'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json) | | | | | | 3.5.10 | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Recovery console'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json) | | | | | | | ID : 1637.12b2Organizational.2 - 12.b | | -| Guest Configuration | [Windows machines 
should meet requirements for 'Security Options - User Account Control'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - User Account Control'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json) | | | | | | | ID : 1277.09c2Organizational.4 - 09.c | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Settings - Account Policies'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json) | | | | | | | | AC-4 | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Account Management'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json) | | | | | | | ID : 0605.10h1System.12 - 10.h | | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json) | | | | | | | ID : 0644.10k3Organizational.4 - 10.k | | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Policy Change'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - 
Privilege Use'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'User Rights Assignment'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'User Rights Assignment'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json) | | | | | | | ID : 1232.09c3Organizational.12 - 09.c | | -| Guest Configuration | [Windows machines should meet requirements for 'Windows Firewall Properties'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json) | | | | | | | ID : 0858.09m1Organizational.4 - 09.m | | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | | | | DM-6 | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | | 3.13.8 | | | -| Guest Configuration | 
[Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | SC-8 (1) | | | | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | DP-4 | | | | | | | | -| Guest Configuration | [[Preview]: Linux machines should meet requirements for the Azure security baseline](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json) | | | | | | | | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | | | | | | | | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1204.09aa1System.3 - 09.aa | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Key Vault | [Resource logs in Azure Key Vault Managed HSM should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1211.09aa3System.4 - 09.aa | | -| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1211.09aa3System.4 - 09.aa | | -| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Key Vault | [[Preview]: Certificates using RSA cryptography should have the specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json) | | | | | | | | | -| Key Vault | [[Preview]: Keys should be the specified cryptographic type RSA or EC](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json) | | | | | | | | | -| Key Vault | [[Preview]: Keys using RSA cryptography should have a specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json) | | | | | | | | | -| Key Vault | [[Preview]: Keys using elliptic curve cryptography should have the specified curve names](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_EC_AllowedCurveNames.json) | | | | | | | | | -| Kubernetes | [Do not allow privileged containers in Kubernetes 
cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilege.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerResourceLimits.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure containers listen only on allowed ports in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedPorts.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure only allowed container images in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedImages.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure services listen only on allowed ports in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ServiceAllowedPorts.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should not share host process ID or host IPC namespace](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/BlockHostNamespace.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should only use allowed AppArmor profiles](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/EnforceAppArmorProfile.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should only use allowed capabilities](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedCapabilities.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should run with a read only root file 
system](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster pod hostPath volumes should only use allowed host paths](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster pods and containers should only run with approved user and group IDs](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster pods should only use approved host network and port range](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json) | | | | | | | | | -| Kubernetes | [Kubernetes cluster pods should only use approved host network and port range](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes clusters should be accessible only over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json) | DP-4 | | | | | | | | -| Kubernetes | [Kubernetes clusters should not allow container privilege escalation](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json) | PV-2 | | | | | | | | -| Logic Apps | [Resource logs in Logic Apps should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1203.09aa1System.2 - 09.aa | | -| Logic Apps | [Resource logs in Logic Apps should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Logic Apps | [Resource logs in Logic Apps should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | | | | | | | | -| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | | | | | | ID : 1271.09ad1System.1 - 09.ad | | -| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | 5.2.9 | | | | | | | -| Monitoring | [An activity log alert should exist for specific Policy operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json) | | | | | | | | | -| Monitoring | [An activity log alert should exist for specific Policy operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json) | | 5.2.2 | | | | | | | -| Monitoring | [An activity log alert should exist for specific Security operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json) | | | | | | | | | -| Monitoring | [An activity log alert should exist for specific 
Security operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json) | | 5.2.8 | | | | | | | -| Monitoring | [Audit Dependency agent deployment - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json) | | | | A.12.4.4 | | | | | -| Monitoring | [Audit Dependency agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | | | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | | | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | | | | AC-14 | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | | 3.3.2 | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | SI-4 | | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) 
unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | | | | | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | | | | | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | | | | AC-14 | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | | 3.3.2 | | | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | SI-4 | | | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | | | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | | | DM-6 | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | | ID : 1210.09aa3System.3 - 09.aa | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | 3.3.4 | | | -| Monitoring | [Audit diagnostic 
setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | AU-12 | | | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | A.12.4.4 | | | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | | | | | | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | | | | | | ID : 0888.09n2Organizational.6 - 09.n | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | | | | | 3.14.6 | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | 6.5 | | | | | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | LT-3 | | | | | | | | -| Network | [Virtual machines should be connected to an approved virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json) | | | | | | | ID : 0814.01n1Organizational.12 - 01.n | | -| Network | [Web Application Firewall (WAF) should use the specified mode for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json) | | | | | | | | | -| Network | [Web Application Firewall (WAF) should use the specified mode for 
Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json) | | | | | | | | NS-7 | -| Network | [Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json) | | | | | | | | | -| Network | [Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json) | | | | | | | | NS-7 | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | | | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | | | ID : 1211.09aa3System.4 - 09.aa | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | | 3.3.4 | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | AU-12 | | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | A.12.4.4 | | | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | 4.1.1 | | | | | | | -| SQL | [Auditing on SQL server should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | LT-4 | | | | | | | | -| Search | [Resource logs in Search services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1208.09aa3System.1 - 09.aa | | -| Search | [Resource logs in Search services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Search | [Resource logs in Search services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1208.09aa3System.1 - 09.aa | | -| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Stream Analytics | [Resource logs in Azure Stream Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1207.09aa2System.4 - 09.aa | | -| Stream Analytics | [Resource logs in Azure Stream Analytics should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Stream Analytics | [Resource logs in Azure Stream Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | \ No newline at end of file +| Service | Policy Definition | Azure Security Benchmark | CIS | CCMC L3 | ISO 27001 | NIST SP 800-171 R2 | NIST SP 800-53 R4 | HIPAA HITRUST 9.2 | New Zealand ISM | Link | +|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|-------|-----------|-------------|----------------------|---------------------|-----------------------------------|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| API Management | [API Management services should use a virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json | +| App Platform | [Azure Spring Cloud should use network injection](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json) | NS-2 | | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json | +| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | PV-7 | 9.8 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json | +| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | PV-7 | 9.8 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json | +| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | PV-7 | 9.8 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json | +| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | PV-7 | 9.6 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json | +| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB 
app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | PV-7 | 9.6 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json | +| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | PV-7 | 9.7 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json | +| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | PV-7 | 9.7 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json | +| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | PV-7 | 9.7 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json | +| Batch | [Resource logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1205.09aa2System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json | +| Compute | [Only approved 
VM extensions should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json) | | 7.4 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json | +| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | LT-4 | 5.3 | | | | | 1206.09aa2System.23 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json | +| Data Box | [Azure Data Box jobs should enable double encryption for data at rest on the device](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json | +| Data Lake | [Resource logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1202.09aa1System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json | +| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1210.09aa3System.3 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json | +| Event Hub | 
[Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1207.09aa2System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json | +| General | [Allowed locations for resource groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json) | | | | | | | | ESS-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json | +| General | [Allowed locations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json) | | | | | | | | ESS-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json | +| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | A.9.1.2 | 3.1.12 | AC-17 (1) | | AC-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json | +| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | A.9.2.4 | 3.5.10 | IA-5 | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json | +| Guest Configuration | [Audit Linux machines 
that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | A.9.1.2 | 3.5.7 | IA-5 | | AC-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json | +| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | 3.1.4 | AC-6 (7) | 1127.01q2System.3 - 01.q | AC-9 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json | +| Guest Configuration | [Audit Windows machines on which the Log Analytics agent is not connected as expected](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json) | | | | | | | 1217.09ab3System.3 - 09.ab | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json | +| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | A.9.4.3 | 3.5.8 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json | +| Guest Configuration | [Audit Windows machines that do not contain the specified certificates in Trusted 
Root](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json) | | | | | | | 0945.09y1Organizational.3 - 09.y | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json | +| Guest Configuration | [Audit Windows machines that do not have a maximum password age of 70 days](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | | | | A.9.4.3 | | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json | +| Guest Configuration | [Audit Windows machines that do not have a minimum password age of 1 day](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json) | | | | A.9.4.3 | | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json | +| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | A.9.4.3 | 3.5.7 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json | +| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 
characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | A.9.4.3 | 3.5.7 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json | +| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | A.10.1.1 | 3.5.10 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json | +| Guest Configuration | [Audit Windows machines that have extra accounts in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json) | | | | | | | 1123.01q1System.2 - 01.q | AC-9 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json | +| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | 3.1.4 | AC-6 (7) | 1125.01q2System.1 - 01.q | AC-9 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json | +| Guest Configuration | [Windows Defender Exploit Guard should be enabled on your 
machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json) | ES-2 | | | | | | | DM-4 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Accounts'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json) | | | | | | | 1148.01c2System.78 - 01.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Audit'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json) | | | | | | | 0605.10h1System.12 - 10.h | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Microsoft Network Server'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json) | | | | | | | 0709.10m1Organizational.1 - 10.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network 
Access'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json) | | | | | | | 0861.09m2Organizational.67 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Security'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json) | | | | | 3.5.10 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Recovery console'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json) | | | | | | | 1637.12b2Organizational.2 - 12.b | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - User Account Control'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json) | | | | | | | 1277.09c2Organizational.4 - 09.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Settings - Account 
Policies'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json) | | | | | | | | AC-4 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Account Management'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json) | | | | | | | 0605.10h1System.12 - 10.h | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json) | | | | | | | 0644.10k3Organizational.4 - 10.k | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Policy Change'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Privilege 
Use'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'User Rights Assignment'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json) | | | | | | | 1232.09c3Organizational.12 - 09.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Windows Firewall Properties'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json) | | | | | | | 0858.09m1Organizational.4 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json | +| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | DP-4 | | | | 3.13.8 | SC-8 (1) | | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json | +| Guest Configuration | [[Preview]: Linux machines should meet requirements for the Azure security 
baseline](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json | +| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1204.09aa1System.3 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json | +| Key Vault | [Resource logs in Azure Key Vault Managed HSM should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json) | | | | | | | 1211.09aa3System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json | +| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1211.09aa3System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json | +| Key Vault | [[Preview]: Certificates using RSA cryptography should have the specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json | +| Key Vault | [[Preview]: Keys should be 
the specified cryptographic type RSA or EC](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json | +| Key Vault | [[Preview]: Keys using RSA cryptography should have a specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json | +| Key Vault | [[Preview]: Keys using elliptic curve cryptography should have the specified curve names](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_EC_AllowedCurveNames.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_EC_AllowedCurveNames.json | +| Kubernetes | [Do not allow privileged containers in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilege.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilege.json | +| Kubernetes | [Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerResourceLimits.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerResourceLimits.json | +| Kubernetes | [Ensure containers listen only on allowed ports in Kubernetes 
cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedPorts.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedPorts.json | +| Kubernetes | [Ensure only allowed container images in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedImages.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedImages.json | +| Kubernetes | [Ensure services listen only on allowed ports in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ServiceAllowedPorts.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ServiceAllowedPorts.json | +| Kubernetes | [Kubernetes cluster containers should not share host process ID or host IPC namespace](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/BlockHostNamespace.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/BlockHostNamespace.json | +| Kubernetes | [Kubernetes cluster containers should only use allowed AppArmor profiles](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/EnforceAppArmorProfile.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/EnforceAppArmorProfile.json | +| Kubernetes | [Kubernetes cluster containers should only use allowed capabilities](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedCapabilities.json) | PV-2 | | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedCapabilities.json | +| Kubernetes | [Kubernetes cluster containers should run with a read only root file system](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json | +| Kubernetes | [Kubernetes cluster pod hostPath volumes should only use allowed host paths](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json | +| Kubernetes | [Kubernetes cluster pods and containers should only run with approved user and group IDs](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json | +| Kubernetes | [Kubernetes cluster pods should only use approved host network and port range](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json | +| Kubernetes | [Kubernetes clusters should be accessible only over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json) | DP-4 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json | +| Kubernetes | [Kubernetes clusters should not allow container 
privilege escalation](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json | +| Logic Apps | [Resource logs in Logic Apps should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1203.09aa1System.2 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json | +| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | 5.2.9 | | | | | 1271.09ad1System.1 - 09.ad | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json | +| Monitoring | [An activity log alert should exist for specific Policy operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json) | | 5.2.2 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json | +| Monitoring | [An activity log alert should exist for specific Security operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json) | | 5.2.8 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json | +| Monitoring | [Audit Dependency agent deployment - VM Image (OS) 
unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json) | | | | A.12.4.4 | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json | +| Monitoring | [Audit Dependency agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json | +| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | 3.3.2 | SI-4 | | AC-14 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json | +| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | 3.3.2 | SI-4 | | AC-14 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json | +| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | A.12.4.4 | 3.3.4 | AU-12 | 1210.09aa3System.3 - 09.aa | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json | +| Network | [Network Watcher should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | LT-3 | 6.5 | | | 3.14.6 | | 0888.09n2Organizational.6 - 09.n | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json | +| Network | [Virtual machines should be connected to an approved virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json) | | | | | | | 0814.01n1Organizational.12 - 01.n | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json | +| Network | [Web Application Firewall (WAF) should use the specified mode for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json) | | | | | | | | NS-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json | +| Network | [Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json) | | | | | | | | NS-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json | +| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | LT-4 | 4.1.1 | | A.12.4.4 | 3.3.4 | AU-12 | 1211.09aa3System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json | +| Search | [Resource logs in Search services should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1208.09aa3System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json | +| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1208.09aa3System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json | +| Stream Analytics | [Resource logs in Azure Stream Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1207.09aa2System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json | \ No newline at end of file diff --git a/docs/params-required.csv b/docs/params-required.csv index 0b5cd70..caf743a 100644 --- a/docs/params-required.csv +++ b/docs/params-required.csv 
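Review bot: the two NIST columns in these markdown rows look crossed relative to the CSV header used by the same generator (Service,Policy Definition,Azure Security Benchmark,CIS,CCMC L3,ISO 27001,NIST SP 800-53 R4,NIST SP 800-171 R2,HIPAA HITRUST 9.2,New Zealand ISM,Link). In the Monitoring row `| Monitoring | [Audit diagnostic setting](...) | | | | A.12.4.4 | 3.3.4 | AU-12 | 1210.09aa3System.3 - 09.aa | DM-6 |` the fifth framework cell, which the header order makes NIST SP 800-53 R4, holds 3.3.4, an 800-171 section number, while the sixth cell, 800-171, holds AU-12, an 800-53 control; the same pattern appears in the SQL auditing row (3.3.4 / AU-12), the Log Analytics VMSS row (3.3.2 / SI-4) and the Network Watcher row (3.14.6 in the 800-53 cell). The params-required.csv rows in this commit put 3.14.1 in the 800-171 position, so either the markdown table header lists the NIST columns in the opposite order to the CSV or the md writer swaps them; please check the header before merging. Two smaller points: every row carries the policy URL twice, once as the link target in the Policy Definition cell and again in the trailing Link cell, so one of the two could go, and the file is written without a trailing newline.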
@@ -1,139 +1,57 @@ -Service,Policy Definition,Azure Security Benchmark,CIS,CCMC L3,ISO 27001,NIST SP 800-53 R4,NIST SP 800-171 R2,HIPAA HITRUST 9.2,New Zealand ISM,Policy Link +Service,Policy Definition,Azure Security Benchmark,CIS,CCMC L3,ISO 27001,NIST SP 800-53 R4,NIST SP 800-171 R2,HIPAA HITRUST 9.2,New Zealand ISM,Link API Management,API Management services should use a virtual network,NS-1,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json App Platform,Azure Spring Cloud should use network injection,NS-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",,9.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java 
version' is the latest, if used as a part of the Function app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",,9.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",,9.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as 
a part of the API app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",,9.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",,9.6,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API 
app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",,9.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",,9.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part 
of the Web app",,,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",,9.7,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",PV-7,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json -Batch,Resource logs in Batch accounts should be enabled,,,,,,,ID : 1205.09aa2System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json -Batch,Resource logs in Batch accounts should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json -Batch,Resource logs in Batch accounts should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json +App Service,"Ensure that 'Java version' is the latest, if used as a part of the API app",PV-7,9.8,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json +App Service,"Ensure that 'Java version' is the latest, if used as a part of the Function app",PV-7,9.8,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json +App Service,"Ensure that 'Java version' is the latest, if used as a part of the Web 
app",PV-7,9.8,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json +App Service,"Ensure that 'PHP version' is the latest, if used as a part of the API app",PV-7,9.6,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json +App Service,"Ensure that 'PHP version' is the latest, if used as a part of the WEB app",PV-7,9.6,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json +App Service,"Ensure that 'Python version' is the latest, if used as a part of the API app",PV-7,9.7,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json +App Service,"Ensure that 'Python version' is the latest, if used as a part of the Function app",PV-7,9.7,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json +App Service,"Ensure that 'Python version' is the latest, if used as a part of the Web app",PV-7,9.7,,,,3.14.1,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json +Batch,Resource logs in Batch accounts should be enabled,LT-4,5.3,,,,,1205.09aa2System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json Compute,Only approved VM extensions should be installed,,7.4,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json -Compute,Resource logs in Virtual Machine Scale Sets should be enabled,,,,,,,ID : 1206.09aa2System.23 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json -Compute,Resource logs in Virtual Machine Scale Sets should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json -Compute,Resource logs in Virtual Machine Scale Sets should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json +Compute,Resource logs in Virtual Machine Scale Sets should be enabled,LT-4,5.3,,,,,1206.09aa2System.23 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json Data Box,Azure Data Box jobs should enable double encryption for data at rest on the device,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json -Data Lake,Resource logs in Azure Data Lake Store should be enabled,,,,,,,ID : 1202.09aa1System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Azure Data Lake Store should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Azure Data Lake Store should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Data Lake Analytics should be enabled,,,,,,,ID : 1210.09aa3System.3 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Data Lake Analytics should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json -Data Lake,Resource logs in Data Lake Analytics should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json -Event Hub,Resource logs in Event Hub should be enabled,,,,,,,ID : 1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json -Event Hub,Resource logs in Event Hub should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json -Event Hub,Resource logs in Event Hub should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json +Data Lake,Resource logs in Azure Data Lake Store should be enabled,LT-4,5.3,,,,,1202.09aa1System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json +Data Lake,Resource logs in Data Lake Analytics should be enabled,LT-4,5.3,,,,,1210.09aa3System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json +Event Hub,Resource logs in Event Hub should be enabled,LT-4,5.3,,,,,1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json General,Allowed 
locations,,,,,,,,ESS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json General,Allowed locations for resource groups,,,,,,,,ESS-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,,,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,,3.1.12,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,,AC-17 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json -Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines 
that do not have the passwd file permissions set to 0644,,,,,,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,,IA-5,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,A.9.2.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,,,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,,3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,,IA-5,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest Configuration,Audit Linux machines that have accounts without passwords,,,,A.9.1.2,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json -Guest 
Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,,,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,,ID : 1127.01q2System.3 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,,3.1.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,AC-6 (7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json -Guest Configuration,Audit Windows machines on which the Log Analytics agent is not connected as expected,,,,,,,ID : 1217.09ab3System.3 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 
passwords,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,,,3.5.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json -Guest Configuration,Audit Windows machines that do not contain the specified certificates in Trusted Root,,,,,,,ID : 0945.09y1Organizational.3 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json -Guest Configuration,Audit Windows machines that do not have a maximum password age of 70 days,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have a maximum password age of 70 days,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have a minimum password age of 1 day,,,,,IA-5 
(1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have a minimum password age of 1 day,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,,,3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 
characters,,,,,,3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,A.9.4.3,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,,,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,A.10.1.1,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json -Guest Configuration,Audit Windows machines that have extra accounts in the Administrators 
group,,,,,,,,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json -Guest Configuration,Audit Windows machines that have extra accounts in the Administrators group,,,,,,,ID : 1123.01q1System.2 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,,,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,,ID : 1125.01q2System.1 - 01.q,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,,3.1.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,AC-6 (7),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json -Guest Configuration,Windows Defender Exploit 
Guard should be enabled on your machines,,,,,,,,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json -Guest Configuration,Windows Defender Exploit Guard should be enabled on your machines,ES-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Accounts',,,,,,,ID : 1148.01c2System.78 - 01.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Audit',,,,,,,ID : 0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Microsoft Network Server',,,,,,,ID : 0709.10m1Organizational.1 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Access',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Access',,,,,,,ID : 0861.09m2Organizational.67 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json -Guest 
Configuration,Windows machines should meet requirements for 'Security Options - Network Security',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json +Guest Configuration,Audit Linux machines that allow remote connections from accounts without passwords,,,,A.9.1.2,AC-17 (1),3.1.12,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json +Guest Configuration,Audit Linux machines that do not have the passwd file permissions set to 0644,,,,A.9.2.4,IA-5,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json +Guest Configuration,Audit Linux machines that have accounts without passwords,,,,A.9.1.2,IA-5,3.5.7,,AC-2,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json +Guest Configuration,Audit Windows machines missing any of specified members in the Administrators group,,,,,AC-6 (7),3.1.4,1127.01q2System.3 - 01.q,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json +Guest Configuration,Audit Windows machines on which the Log Analytics agent is not connected as expected,,,,,,,1217.09ab3System.3 - 09.ab,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json +Guest Configuration,Audit Windows machines that allow re-use of the previous 24 passwords,,,,A.9.4.3,IA-5 
(1),3.5.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json +Guest Configuration,Audit Windows machines that do not contain the specified certificates in Trusted Root,,,,,,,0945.09y1Organizational.3 - 09.y,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json +Guest Configuration,Audit Windows machines that do not have a maximum password age of 70 days,,,,A.9.4.3,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json +Guest Configuration,Audit Windows machines that do not have a minimum password age of 1 day,,,,A.9.4.3,IA-5 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json +Guest Configuration,Audit Windows machines that do not have the password complexity setting enabled,,,,A.9.4.3,IA-5 (1),3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json +Guest Configuration,Audit Windows machines that do not restrict the minimum password length to 14 characters,,,,A.9.4.3,IA-5 (1),3.5.7,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json +Guest Configuration,Audit Windows machines that do not store passwords using reversible encryption,,,,A.10.1.1,IA-5 (1),3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json +Guest Configuration,Audit Windows machines that have extra accounts in the 
Administrators group,,,,,,,1123.01q1System.2 - 01.q,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json +Guest Configuration,Audit Windows machines that have the specified members in the Administrators group,,,,,AC-6 (7),3.1.4,1125.01q2System.1 - 01.q,AC-9,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json +Guest Configuration,Windows Defender Exploit Guard should be enabled on your machines,ES-2,,,,,,,DM-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Accounts',,,,,,,1148.01c2System.78 - 01.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Audit',,,,,,,0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Microsoft Network Server',,,,,,,0709.10m1Organizational.1 - 10.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Access',,,,,,,0861.09m2Organizational.67 - 
09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json Guest Configuration,Windows machines should meet requirements for 'Security Options - Network Security',,,,,,3.5.10,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - Recovery console',,,,,,,ID : 1637.12b2Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - User Account Control',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Security Options - User Account Control',,,,,,,ID : 1277.09c2Organizational.4 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - Recovery console',,,,,,,1637.12b2Organizational.2 - 12.b,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Security Options - User Account Control',,,,,,,1277.09c2Organizational.4 - 
09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json Guest Configuration,Windows machines should meet requirements for 'Security Settings - Account Policies',,,,,,,,AC-4,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json -Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Account Management',,,,,,,ID : 0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json -Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking',,,,,,,ID : 0644.10k3Organizational.4 - 10.k,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json +Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Account Management',,,,,,,0605.10h1System.12 - 10.h,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json +Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking',,,,,,,0644.10k3Organizational.4 - 10.k,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Policy 
Change',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json Guest Configuration,Windows machines should meet requirements for 'System Audit Policies - Privilege Use',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json -Guest Configuration,Windows machines should meet requirements for 'User Rights Assignment',,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json -Guest Configuration,Windows machines should meet requirements for 'User Rights Assignment',,,,,,,ID : 1232.09c3Organizational.12 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json -Guest Configuration,Windows machines should meet requirements for 'Windows Firewall Properties',,,,,,,ID : 0858.09m1Organizational.4 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication 
protocols,,,,,,3.13.8,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,,,,,SC-8 (1),,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json -Guest Configuration,Windows web servers should be configured to use secure communication protocols,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json +Guest Configuration,Windows machines should meet requirements for 'User Rights Assignment',,,,,,,1232.09c3Organizational.12 - 09.c,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json +Guest Configuration,Windows machines should meet requirements for 'Windows Firewall Properties',,,,,,,0858.09m1Organizational.4 - 09.m,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json +Guest Configuration,Windows web servers should be configured to use secure communication protocols,DP-4,,,,SC-8 (1),3.13.8,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json Guest Configuration,[Preview]: Linux machines should meet requirements for the Azure security baseline,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json -Internet of Things,Resource logs in IoT Hub should be 
enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Internet of Things,Resource logs in IoT Hub should be enabled,,,,,,,ID : 1204.09aa1System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Internet of Things,Resource logs in IoT Hub should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Internet of Things,Resource logs in IoT Hub should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Azure Key Vault Managed HSM should be enabled,,,,,,,ID : 1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Key Vault should be enabled,,,,,,,ID : 1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Key Vault should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json -Key Vault,Resource logs in Key Vault should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json +Internet of Things,Resource logs in IoT Hub should be enabled,LT-4,5.3,,,,,1204.09aa1System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json +Key 
Vault,Resource logs in Azure Key Vault Managed HSM should be enabled,,,,,,,1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json +Key Vault,Resource logs in Key Vault should be enabled,LT-4,5.3,,,,,1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json Key Vault,[Preview]: Certificates using RSA cryptography should have the specified minimum key size,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json Key Vault,[Preview]: Keys should be the specified cryptographic type RSA or EC,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json Key Vault,[Preview]: Keys using RSA cryptography should have a specified minimum key size,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json 
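Review bot: the HIPAA HITRUST 9.2 column changes format in this hunk without that being called out anywhere: every removed row carries a value such as `ID : 1127.01q2System.3 - 01.q`, while the added consolidated rows carry `1127.01q2System.3 - 01.q` with the `ID : ` prefix dropped. Any consumer of docs/no-params.csv that keys on that prefix will break, so either keep the prefix or record the new column format wherever the CSV schema is documented. The collapse from one row per framework mapping to one row per policy also means each framework column can now hold only a single control id; the visible rows never need more than one (for example `Audit Windows machines that have the specified members in the Administrators group` now carries AC-6 (7), 3.1.4, 1125.01q2System.1 - 01.q and AC-9 in four separate columns), but the generator should define a delimiter for a policy that maps to several controls of the same framework. Cross-checking the `+` rows against the `-` rows they replace shows no mapping lost in this hunk.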
@@ -149,60 +67,23 @@ Kubernetes,Kubernetes cluster containers should only use allowed capabilities,PV Kubernetes,Kubernetes cluster containers should run with a read only root file system,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json Kubernetes,Kubernetes cluster pod hostPath volumes should only use allowed host paths,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json Kubernetes,Kubernetes cluster pods and containers should only run with approved user and group IDs,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json -Kubernetes,Kubernetes cluster pods should only use approved host network and port range,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json Kubernetes,Kubernetes cluster pods should only use approved host network and port range,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json Kubernetes,Kubernetes clusters should be accessible only over HTTPS,DP-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json Kubernetes,Kubernetes clusters should not allow container privilege escalation,PV-2,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json -Logic Apps,Resource logs in Logic Apps should be enabled,,,,,,,ID : 1203.09aa1System.2 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json -Logic Apps,Resource logs in Logic Apps should be 
enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json -Logic Apps,Resource logs in Logic Apps should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json -Monitoring,An activity log alert should exist for specific Administrative operations,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json -Monitoring,An activity log alert should exist for specific Administrative operations,,,,,,,ID : 1271.09ad1System.1 - 09.ad,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json -Monitoring,An activity log alert should exist for specific Administrative operations,,5.2.9,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json -Monitoring,An activity log alert should exist for specific Policy operations,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json +Logic Apps,Resource logs in Logic Apps should be enabled,LT-4,5.3,,,,,1203.09aa1System.2 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json +Monitoring,An activity log alert should exist for specific Administrative operations,,5.2.9,,,,,1271.09ad1System.1 - 09.ad,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json Monitoring,An activity log alert should exist for specific Policy 
operations,,5.2.2,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json -Monitoring,An activity log alert should exist for specific Security operations,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json Monitoring,An activity log alert should exist for specific Security operations,,5.2.8,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json Monitoring,Audit Dependency agent deployment - VM Image (OS) unlisted,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json Monitoring,Audit Dependency agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,,,,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,,,3.3.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) 
unlisted,,,,,SI-4,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,,,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,,3.3.2,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,SI-4,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json -Monitoring,Audit diagnostic setting,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,,,,,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,,,,ID : 1210.09aa3System.3 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic 
setting,,,,,,3.3.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,,AU-12,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Monitoring,Audit diagnostic setting,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json -Network,Network Watcher should be enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,,,,,,,ID : 0888.09n2Organizational.6 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,,,,,,3.14.6,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,,6.5,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Network Watcher should be enabled,LT-3,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json -Network,Virtual machines should be connected to an approved virtual network,,,,,,,ID : 0814.01n1Organizational.12 - 01.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json -Network,Web Application Firewall (WAF) should use the specified mode for Application Gateway,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json +Monitoring,Audit Log Analytics agent deployment 
in virtual machine scale sets - VM Image (OS) unlisted,,,,A.12.4.4,SI-4,3.3.2,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json +Monitoring,Audit Log Analytics workspace for VM - Report Mismatch,,,,,SI-4,3.3.2,,AC-14,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json +Monitoring,Audit diagnostic setting,,,,A.12.4.4,AU-12,3.3.4,1210.09aa3System.3 - 09.aa,DM-6,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json +Network,Network Watcher should be enabled,LT-3,6.5,,,,3.14.6,0888.09n2Organizational.6 - 09.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json +Network,Virtual machines should be connected to an approved virtual network,,,,,,,0814.01n1Organizational.12 - 01.n,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json Network,Web Application Firewall (WAF) should use the specified mode for Application Gateway,,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json -Network,Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json Network,Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service,,,,,,,,NS-7,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json -SQL,Auditing on SQL server should be 
enabled,,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,,,,ID : 1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,,,3.3.4,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,,AU-12,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,,,A.12.4.4,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,,4.1.1,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -SQL,Auditing on SQL server should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json -Search,Resource logs in Search services should be enabled,,,,,,,ID : 1208.09aa3System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json -Search,Resource logs in Search services should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json -Search,Resource logs in Search services should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json -Service Bus,Resource logs in Service Bus should be enabled,,,,,,,ID : 1208.09aa3System.1 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json -Service Bus,Resource logs in Service Bus should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json -Service Bus,Resource logs in Service Bus should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json -Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,,,,,,,ID : 1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json -Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,,5.3,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json -Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,LT-4,,,,,,,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json +SQL,Auditing on SQL server should be enabled,LT-4,4.1.1,,A.12.4.4,AU-12,3.3.4,1211.09aa3System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json +Search,Resource logs in Search services should be enabled,LT-4,5.3,,,,,1208.09aa3System.1 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json +Service Bus,Resource logs in Service Bus should be enabled,LT-4,5.3,,,,,1208.09aa3System.1 - 
09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json +Stream Analytics,Resource logs in Azure Stream Analytics should be enabled,LT-4,5.3,,,,,1207.09aa2System.4 - 09.aa,,https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json diff --git a/docs/params-required.md b/docs/params-required.md index ab3db50..cdb4cc5 100644 --- a/docs/params-required.md +++ b/docs/params-required.md 
@@ -1,209 +1,90 @@ -| Service | Policy Definition | Azure Security Benchmark | CIS | CCMC L3 | ISO 27001 | NIST SP 800-53 R4 | NIST SP 800-171 R2 | HIPAA HITRUST 9.2 | New Zealand ISM | -|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|-------|-----------|-------------|---------------------|----------------------|----------------------------------------|-------------------| -| API Management | [API Management services should use a virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json) | NS-1 | | | | | | | | -| App Platform | [Azure Spring Cloud should use network injection](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json) | NS-2 | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | | 9.8 | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API 
app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | | 9.8 | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | | 
9.8 | | | | | | | -| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | | 9.6 | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB 
app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | | 9.6 | | | | | | | -| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | | 9.7 | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | | | | 
| | 3.14.1 | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | | 9.7 | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | PV-7 | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | | | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | | | | | | 3.14.1 | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | | 9.7 | | | | | | | -| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | PV-7 | | | | | | | | -| Batch | [Resource logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1205.09aa2System.1 - 09.aa | | -| Batch | [Resource logs in Batch accounts should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Batch | [Resource logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Compute | [Only approved VM extensions should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json) | | 7.4 | | | | | | | -| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | | | | | | | ID : 1206.09aa2System.23 - 09.aa | | -| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | | 5.3 | | | | | | | -| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | LT-4 | | | | | | | | -| Data Box | [Azure Data Box jobs should enable double encryption for data at rest on the device](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json) | | | | | | | | | -| Data Lake | [Resource logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1202.09aa1System.1 - 09.aa | | -| Data Lake | [Resource logs in Azure Data Lake Store should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Data Lake | [Resource logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1210.09aa3System.3 - 09.aa | | -| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Event Hub | [Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1207.09aa2System.4 - 09.aa | | -| Event Hub | [Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Event Hub | [Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| General | [Allowed locations for resource 
groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json) | | | | | | | | ESS-2 | -| General | [Allowed locations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json) | | | | | | | | ESS-2 | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | | | | AC-2 | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | | 3.1.12 | | | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | | AC-17 (1) | | | | -| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | A.9.1.2 | | | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 
0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | | | 3.5.10 | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | | IA-5 | | | | -| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | A.9.2.4 | | | | | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | | | | AC-2 | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | | 3.5.7 | | | -| Guest Configuration | [Audit Linux machines that have accounts without 
passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | | IA-5 | | | | -| Guest Configuration | [Audit Linux machines that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | A.9.1.2 | | | | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | | | AC-9 | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | | ID : 1127.01q2System.3 - 01.q | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | | 3.1.4 | | | -| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | 
| | AC-6 (7) | | | | -| Guest Configuration | [Audit Windows machines on which the Log Analytics agent is not connected as expected](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json) | | | | | | | ID : 1217.09ab3System.3 - 09.ab | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | | | 3.5.8 | | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not contain the specified certificates in Trusted Root](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json) | | | | | | | ID : 0945.09y1Organizational.3 - 09.y | | -| Guest Configuration | [Audit Windows machines that do not have a maximum password age of 70 
days](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not have a maximum password age of 70 days](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not have a minimum password age of 1 day](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not have a minimum password age of 1 day](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | | | 3.5.7 | | | -| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not 
have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | | | 3.5.7 | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | A.9.4.3 | | | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | 
| | | 3.5.10 | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | | IA-5 (1) | | | | -| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | A.10.1.1 | | | | | -| Guest Configuration | [Audit Windows machines that have extra accounts in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json) | | | | | | | | AC-9 | -| Guest Configuration | [Audit Windows machines that have extra accounts in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json) | | | | | | | ID : 1123.01q1System.2 - 01.q | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | | | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | | | AC-9 | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators 
group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | | ID : 1125.01q2System.1 - 01.q | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | | 3.1.4 | | | -| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | AC-6 (7) | | | | -| Guest Configuration | [Windows Defender Exploit Guard should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json) | | | | | | | | DM-4 | -| Guest Configuration | [Windows Defender Exploit Guard should be enabled on your machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json) | ES-2 | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Accounts'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json) | | | | | | | ID : 1148.01c2System.78 - 01.c | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Audit'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json) | | | | | | | 
ID : 0605.10h1System.12 - 10.h | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Microsoft Network Server'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json) | | | | | | | ID : 0709.10m1Organizational.1 - 10.m | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Access'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Access'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json) | | | | | | | ID : 0861.09m2Organizational.67 - 09.m | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Security'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Security'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json) | | | | | | 3.5.10 | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Recovery console'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json) | | | | | | | ID : 1637.12b2Organizational.2 - 12.b | | -| Guest Configuration | [Windows machines 
should meet requirements for 'Security Options - User Account Control'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Options - User Account Control'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json) | | | | | | | ID : 1277.09c2Organizational.4 - 09.c | | -| Guest Configuration | [Windows machines should meet requirements for 'Security Settings - Account Policies'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json) | | | | | | | | AC-4 | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Account Management'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json) | | | | | | | ID : 0605.10h1System.12 - 10.h | | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json) | | | | | | | ID : 0644.10k3Organizational.4 - 10.k | | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Policy Change'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - 
Privilege Use'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'User Rights Assignment'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows machines should meet requirements for 'User Rights Assignment'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json) | | | | | | | ID : 1232.09c3Organizational.12 - 09.c | | -| Guest Configuration | [Windows machines should meet requirements for 'Windows Firewall Properties'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json) | | | | | | | ID : 0858.09m1Organizational.4 - 09.m | | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | | | | | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | | | | DM-6 | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | | 3.13.8 | | | -| Guest Configuration | 
[Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | | | | | SC-8 (1) | | | | -| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | DP-4 | | | | | | | | -| Guest Configuration | [[Preview]: Linux machines should meet requirements for the Azure security baseline](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json) | | | | | | | | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | | | | | | | | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1204.09aa1System.3 - 09.aa | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Key Vault | [Resource logs in Azure Key Vault Managed HSM should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1211.09aa3System.4 - 09.aa | | -| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1211.09aa3System.4 - 09.aa | | -| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Key Vault | [[Preview]: Certificates using RSA cryptography should have the specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json) | | | | | | | | | -| Key Vault | [[Preview]: Keys should be the specified cryptographic type RSA or EC](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json) | | | | | | | | | -| Key Vault | [[Preview]: Keys using RSA cryptography should have a specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json) | | | | | | | | | -| Key Vault | [[Preview]: Keys using elliptic curve cryptography should have the specified curve names](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_EC_AllowedCurveNames.json) | | | | | | | | | -| Kubernetes | [Do not allow privileged containers in Kubernetes 
cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilege.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerResourceLimits.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure containers listen only on allowed ports in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedPorts.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure only allowed container images in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedImages.json) | PV-2 | | | | | | | | -| Kubernetes | [Ensure services listen only on allowed ports in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ServiceAllowedPorts.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should not share host process ID or host IPC namespace](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/BlockHostNamespace.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should only use allowed AppArmor profiles](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/EnforceAppArmorProfile.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should only use allowed capabilities](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedCapabilities.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster containers should run with a read only root file 
system](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster pod hostPath volumes should only use allowed host paths](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster pods and containers should only run with approved user and group IDs](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes cluster pods should only use approved host network and port range](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json) | | | | | | | | | -| Kubernetes | [Kubernetes cluster pods should only use approved host network and port range](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json) | PV-2 | | | | | | | | -| Kubernetes | [Kubernetes clusters should be accessible only over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json) | DP-4 | | | | | | | | -| Kubernetes | [Kubernetes clusters should not allow container privilege escalation](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json) | PV-2 | | | | | | | | -| Logic Apps | [Resource logs in Logic Apps should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1203.09aa1System.2 - 09.aa | | -| Logic Apps | [Resource logs in Logic Apps should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Logic Apps | [Resource logs in Logic Apps should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | | | | | | | | -| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | | | | | | ID : 1271.09ad1System.1 - 09.ad | | -| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | 5.2.9 | | | | | | | -| Monitoring | [An activity log alert should exist for specific Policy operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json) | | | | | | | | | -| Monitoring | [An activity log alert should exist for specific Policy operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json) | | 5.2.2 | | | | | | | -| Monitoring | [An activity log alert should exist for specific Security operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json) | | | | | | | | | -| Monitoring | [An activity log alert should exist for specific 
Security operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json) | | 5.2.8 | | | | | | | -| Monitoring | [Audit Dependency agent deployment - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json) | | | | A.12.4.4 | | | | | -| Monitoring | [Audit Dependency agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | | | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | | | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | | | | AC-14 | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | | 3.3.2 | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | | SI-4 | | | | -| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) 
unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | | | | | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | | | | | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | | | | AC-14 | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | | 3.3.2 | | | -| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | SI-4 | | | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | | | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | | | DM-6 | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | | ID : 1210.09aa3System.3 - 09.aa | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | | 3.3.4 | | | -| Monitoring | [Audit diagnostic 
setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | | AU-12 | | | | -| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | A.12.4.4 | | | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | | | | | | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | | | | | | ID : 0888.09n2Organizational.6 - 09.n | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | | | | | 3.14.6 | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | | 6.5 | | | | | | | -| Network | [Network Watcher should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | LT-3 | | | | | | | | -| Network | [Virtual machines should be connected to an approved virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json) | | | | | | | ID : 0814.01n1Organizational.12 - 01.n | | -| Network | [Web Application Firewall (WAF) should use the specified mode for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json) | | | | | | | | | -| Network | [Web Application Firewall (WAF) should use the specified mode for 
Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json) | | | | | | | | NS-7 | -| Network | [Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json) | | | | | | | | | -| Network | [Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json) | | | | | | | | NS-7 | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | | | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | | | ID : 1211.09aa3System.4 - 09.aa | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | | 3.3.4 | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | | AU-12 | | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | | | A.12.4.4 | | | | | -| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | | 4.1.1 | | | | | | | -| SQL | [Auditing on SQL server should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | LT-4 | | | | | | | | -| Search | [Resource logs in Search services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1208.09aa3System.1 - 09.aa | | -| Search | [Resource logs in Search services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Search | [Resource logs in Search services should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1208.09aa3System.1 - 09.aa | | -| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | -| Stream Analytics | [Resource logs in Azure Stream Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | | | | | | | ID : 1207.09aa2System.4 - 09.aa | | -| Stream Analytics | [Resource logs in Azure Stream Analytics should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | | 5.3 | | | | | | | -| Stream Analytics | [Resource logs in Azure Stream Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | | | | | | | | \ No newline at end of file +| Service | Policy Definition | Azure Security Benchmark | CIS | CCMC L3 | ISO 27001 | NIST SP 800-171 R2 | NIST SP 800-53 R4 | HIPAA HITRUST 9.2 | New Zealand ISM | Link | +|---------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------|-------|-----------|-------------|----------------------|---------------------|-----------------------------------|-------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| API Management | [API Management services should use a virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json) | NS-1 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/API%20Management/ApiManagement_VNETEnabled_Audit.json | +| App Platform | [Azure Spring Cloud should use network injection](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json) | NS-2 | | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Platform/Spring_VNETEnabled_Audit.json | +| App Service | [Ensure that 'Java version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json) | PV-7 | 9.8 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_java_Latest.json | +| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json) | PV-7 | 9.8 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_java_Latest.json | +| App Service | [Ensure that 'Java version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json) | PV-7 | 9.8 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_java_Latest.json | +| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json) | PV-7 | 9.6 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_PHP_Latest.json | +| App Service | [Ensure that 'PHP version' is the latest, if used as a part of the WEB 
app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json) | PV-7 | 9.6 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_Webapp_Audit_PHP_Latest.json | +| App Service | [Ensure that 'Python version' is the latest, if used as a part of the API app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json) | PV-7 | 9.7 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_ApiApp_Audit_python_Latest.json | +| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Function app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json) | PV-7 | 9.7 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_FunctionApp_Audit_python_Latest.json | +| App Service | [Ensure that 'Python version' is the latest, if used as a part of the Web app](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json) | PV-7 | 9.7 | | | 3.14.1 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/App%20Service/AppService_WebApp_Audit_python_Latest.json | +| Batch | [Resource logs in Batch accounts should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1205.09aa2System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Batch/Batch_AuditDiagnosticLog_Audit.json | +| Compute | [Only approved 
VM extensions should be installed](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json) | | 7.4 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/VirtualMachines_ApprovedExtensions_Audit.json | +| Compute | [Resource logs in Virtual Machine Scale Sets should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json) | LT-4 | 5.3 | | | | | 1206.09aa2System.23 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Compute/ServiceFabric_and_VMSS_AuditVMSSDiagnostics.json | +| Data Box | [Azure Data Box jobs should enable double encryption for data at rest on the device](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Box/DataBox_DoubleEncryption_Audit.json | +| Data Lake | [Resource logs in Azure Data Lake Store should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1202.09aa1System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeStore_AuditDiagnosticLog_Audit.json | +| Data Lake | [Resource logs in Data Lake Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1210.09aa3System.3 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Data%20Lake/DataLakeAnalytics_AuditDiagnosticLog_Audit.json | +| Event Hub | 
[Resource logs in Event Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1207.09aa2System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Event%20Hub/EventHub_AuditDiagnosticLog_Audit.json | +| General | [Allowed locations for resource groups](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json) | | | | | | | | ESS-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/ResourceGroupAllowedLocations_Deny.json | +| General | [Allowed locations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json) | | | | | | | | ESS-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/General/AllowedLocations_Deny.json | +| Guest Configuration | [Audit Linux machines that allow remote connections from accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json) | | | | A.9.1.2 | 3.1.12 | AC-17 (1) | | AC-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword110_AINE.json | +| Guest Configuration | [Audit Linux machines that do not have the passwd file permissions set to 0644](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json) | | | | A.9.2.4 | 3.5.10 | IA-5 | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword121_AINE.json | +| Guest Configuration | [Audit Linux machines 
that have accounts without passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json) | | | | A.9.1.2 | 3.5.7 | IA-5 | | AC-2 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_LinuxPassword232_AINE.json | +| Guest Configuration | [Audit Windows machines missing any of specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json) | | | | | 3.1.4 | AC-6 (7) | 1127.01q2System.3 - 01.q | AC-9 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToInclude_AINE.json | +| Guest Configuration | [Audit Windows machines on which the Log Analytics agent is not connected as expected](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json) | | | | | | | 1217.09ab3System.3 - 09.ab | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsLogAnalyticsAgentConnection_AINE.json | +| Guest Configuration | [Audit Windows machines that allow re-use of the previous 24 passwords](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json) | | | | A.9.4.3 | 3.5.8 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEnforce_AINE.json | +| Guest Configuration | [Audit Windows machines that do not contain the specified certificates in Trusted 
Root](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json) | | | | | | | 0945.09y1Organizational.3 - 09.y | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsCertificateInTrustedRoot_AINE.json | +| Guest Configuration | [Audit Windows machines that do not have a maximum password age of 70 days](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json) | | | | A.9.4.3 | | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMaximumPassword_AINE.json | +| Guest Configuration | [Audit Windows machines that do not have a minimum password age of 1 day](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json) | | | | A.9.4.3 | | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsMinimumPassword_AINE.json | +| Guest Configuration | [Audit Windows machines that do not have the password complexity setting enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json) | | | | A.9.4.3 | 3.5.7 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordComplexity_AINE.json | +| Guest Configuration | [Audit Windows machines that do not restrict the minimum password length to 14 
characters](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json) | | | | A.9.4.3 | 3.5.7 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordLength_AINE.json | +| Guest Configuration | [Audit Windows machines that do not store passwords using reversible encryption](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json) | | | | A.10.1.1 | 3.5.10 | IA-5 (1) | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsPasswordEncryption_AINE.json | +| Guest Configuration | [Audit Windows machines that have extra accounts in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json) | | | | | | | 1123.01q1System.2 - 01.q | AC-9 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembers_AINE.json | +| Guest Configuration | [Audit Windows machines that have the specified members in the Administrators group](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json) | | | | | 3.1.4 | AC-6 (7) | 1125.01q2System.1 - 01.q | AC-9 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AdministratorsGroupMembersToExclude_AINE.json | +| Guest Configuration | [Windows Defender Exploit Guard should be enabled on your 
machines](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json) | ES-2 | | | | | | | DM-4 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsDefenderExploitGuard_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Accounts'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json) | | | | | | | 1148.01c2System.78 - 01.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAccounts_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Audit'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json) | | | | | | | 0605.10h1System.12 - 10.h | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsAudit_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Microsoft Network Server'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json) | | | | | | | 0709.10m1Organizational.1 - 10.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsMicrosoftNetworkServer_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network 
Access'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json) | | | | | | | 0861.09m2Organizational.67 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkAccess_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Network Security'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json) | | | | | 3.5.10 | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsNetworkSecurity_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - Recovery console'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json) | | | | | | | 1637.12b2Organizational.2 - 12.b | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsRecoveryconsole_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Options - User Account Control'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json) | | | | | | | 1277.09c2Organizational.4 - 09.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecurityOptionsUserAccountControl_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Security Settings - Account 
Policies'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json) | | | | | | | | AC-4 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecuritySettingsAccountPolicies_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Account Management'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json) | | | | | | | 0605.10h1System.12 - 10.h | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesAccountManagement_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json) | | | | | | | 0644.10k3Organizational.4 - 10.k | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesDetailedTracking_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Policy Change'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPolicyChange_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'System Audit Policies - Privilege 
Use'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SystemAuditPoliciesPrivilegeUse_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'User Rights Assignment'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json) | | | | | | | 1232.09c3Organizational.12 - 09.c | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_UserRightsAssignment_AINE.json | +| Guest Configuration | [Windows machines should meet requirements for 'Windows Firewall Properties'](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json) | | | | | | | 0858.09m1Organizational.4 - 09.m | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_WindowsFirewallProperties_AINE.json | +| Guest Configuration | [Windows web servers should be configured to use secure communication protocols](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json) | DP-4 | | | | 3.13.8 | SC-8 (1) | | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_SecureWebProtocol_AINE.json | +| Guest Configuration | [[Preview]: Linux machines should meet requirements for the Azure security 
baseline](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Guest%20Configuration/GuestConfiguration_AzureLinuxBaseline_AINE.json | +| Internet of Things | [Resource logs in IoT Hub should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1204.09aa1System.3 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Internet%20of%20Things/IoTHub_AuditDiagnosticLog_Audit.json | +| Key Vault | [Resource logs in Azure Key Vault Managed HSM should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json) | | | | | | | 1211.09aa3System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/ManagedHsm_AuditDiagnosticLog_Audit.json | +| Key Vault | [Resource logs in Key Vault should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1211.09aa3System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/KeyVault_AuditDiagnosticLog_Audit.json | +| Key Vault | [[Preview]: Certificates using RSA cryptography should have the specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Certificates_RSA_MinimumKeySize.json | +| Key Vault | [[Preview]: Keys should be 
the specified cryptographic type RSA or EC](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_AllowedKeyTypes.json | +| Key Vault | [[Preview]: Keys using RSA cryptography should have a specified minimum key size](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_RSA_MinimumKeySize.json | +| Key Vault | [[Preview]: Keys using elliptic curve cryptography should have the specified curve names](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_EC_AllowedCurveNames.json) | | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Key%20Vault/Keys_EC_AllowedCurveNames.json | +| Kubernetes | [Do not allow privileged containers in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilege.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilege.json | +| Kubernetes | [Ensure container CPU and memory resource limits do not exceed the specified limits in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerResourceLimits.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerResourceLimits.json | +| Kubernetes | [Ensure containers listen only on allowed ports in Kubernetes 
cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedPorts.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedPorts.json | +| Kubernetes | [Ensure only allowed container images in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedImages.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedImages.json | +| Kubernetes | [Ensure services listen only on allowed ports in Kubernetes cluster](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ServiceAllowedPorts.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ServiceAllowedPorts.json | +| Kubernetes | [Kubernetes cluster containers should not share host process ID or host IPC namespace](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/BlockHostNamespace.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/BlockHostNamespace.json | +| Kubernetes | [Kubernetes cluster containers should only use allowed AppArmor profiles](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/EnforceAppArmorProfile.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/EnforceAppArmorProfile.json | +| Kubernetes | [Kubernetes cluster containers should only use allowed capabilities](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedCapabilities.json) | PV-2 | | | | | | | | 
https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerAllowedCapabilities.json | +| Kubernetes | [Kubernetes cluster containers should run with a read only root file system](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ReadOnlyRootFileSystem.json | +| Kubernetes | [Kubernetes cluster pod hostPath volumes should only use allowed host paths](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedHostPaths.json | +| Kubernetes | [Kubernetes cluster pods and containers should only run with approved user and group IDs](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/AllowedUsersGroups.json | +| Kubernetes | [Kubernetes cluster pods should only use approved host network and port range](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/HostNetworkPorts.json | +| Kubernetes | [Kubernetes clusters should be accessible only over HTTPS](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json) | DP-4 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/IngressHttpsOnly.json | +| Kubernetes | [Kubernetes clusters should not allow container 
privilege escalation](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json) | PV-2 | | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Kubernetes/ContainerNoPrivilegeEscalation.json | +| Logic Apps | [Resource logs in Logic Apps should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1203.09aa1System.2 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Logic%20Apps/LogicApps_AuditDiagnosticLog_Audit.json | +| Monitoring | [An activity log alert should exist for specific Administrative operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json) | | 5.2.9 | | | | | 1271.09ad1System.1 - 09.ad | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_AdministrativeOperations_Audit.json | +| Monitoring | [An activity log alert should exist for specific Policy operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json) | | 5.2.2 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_PolicyOperations_Audit.json | +| Monitoring | [An activity log alert should exist for specific Security operations](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json) | | 5.2.8 | | | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/ActivityLog_SecurityOperations_Audit.json | +| Monitoring | [Audit Dependency agent deployment - VM Image (OS) 
unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json) | | | | A.12.4.4 | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_Audit.json | +| Monitoring | [Audit Dependency agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | | | | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DependencyAgent_OSImage_VMSS_Audit.json | +| Monitoring | [Audit Log Analytics agent deployment in virtual machine scale sets - VM Image (OS) unlisted](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json) | | | | A.12.4.4 | 3.3.2 | SI-4 | | AC-14 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_OSImage_VMSS_Audit.json | +| Monitoring | [Audit Log Analytics workspace for VM - Report Mismatch](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json) | | | | | 3.3.2 | SI-4 | | AC-14 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/LogAnalytics_WorkspaceMismatch_VM_Audit.json | +| Monitoring | [Audit diagnostic setting](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json) | | | | A.12.4.4 | 3.3.4 | AU-12 | 1210.09aa3System.3 - 09.aa | DM-6 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Monitoring/DiagnosticSettingsForTypes_Audit.json | +| Network | [Network Watcher should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json) | LT-3 | 6.5 | | | 3.14.6 | | 0888.09n2Organizational.6 - 09.n | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/NetworkWatcher_Enabled_Audit.json | +| Network | [Virtual machines should be connected to an approved virtual network](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json) | | | | | | | 0814.01n1Organizational.12 - 01.n | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/ApprovedVirtualNetwork_Audit.json | +| Network | [Web Application Firewall (WAF) should use the specified mode for Application Gateway](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json) | | | | | | | | NS-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AppGatewayMode_Audit.json | +| Network | [Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json) | | | | | | | | NS-7 | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Network/WAF_AFD_Mode_Audit.json | +| SQL | [Auditing on SQL server should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json) | LT-4 | 4.1.1 | | A.12.4.4 | 3.3.4 | AU-12 | 1211.09aa3System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/SQL/SqlServerAuditing_Audit.json | +| Search | [Resource logs in Search services should be 
enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1208.09aa3System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Search/Search_AuditDiagnosticLog_Audit.json | +| Service Bus | [Resource logs in Service Bus should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1208.09aa3System.1 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Service%20Bus/ServiceBus_AuditDiagnosticLog_Audit.json | +| Stream Analytics | [Resource logs in Azure Stream Analytics should be enabled](https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json) | LT-4 | 5.3 | | | | | 1207.09aa2System.4 - 09.aa | | https://github.com/Azure/azure-policy/blob/master/built-in-policies/policyDefinitions/Stream%20Analytics/StreamAnalytics_AuditDiagnosticLog_Audit.json | \ No newline at end of file
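Review bot: the two NIST columns look transposed in the Monitoring, Network and SQL rows of this hunk: `3.3.2`, `3.3.4` and `3.14.6` are SP 800-171 requirement numbers, while `SI-4` and `AU-12` are SP 800-53 control identifiers, yet the 800-171 numbers consistently sit in the column immediately before the 800-53 identifiers (for example `| A.12.4.4 | 3.3.2 | SI-4 |` on the Log Analytics VMSS row and `| A.12.4.4 | 3.3.4 | AU-12 |` on the SQL auditing row, and the Network Watcher row has `3.14.6` with the following column empty). Please check the generator's column order against the table header and regenerate so each identifier lands under its own framework; anyone filtering on a single framework column will otherwise pick up the other framework's IDs. Minor: the regenerated file ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the generator so later diffs stay clean.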
