Closed baartch closed 8 months ago
Hey @baartch,
Thanks for raising. This policy assignment is actually for the initiative (1f3afdf9-d0c9-4c3d-847f-89da613e70a8) which is the "Microsoft cloud security benchmark" initiative.
This initiative doesn't use an effect that requires an identity, so remediation tasks are not possible for this one.
Unfortunately its assignment name is some legacy technical debt we have that we are aware of, but it would be a breaking change to change its name, but it's not deploying anything, just a bad name 😟
Hope that helps
Let us know the feedback or general question
Hi everyone, I'm a little confused about this.
We have many Non-compliant resources in the Policy Assignment named Enable Monitoring in Microsoft Defender for Cloud.
When I click on Create remediation task I get a 404.
And when I check the template, it is the only deploy template (policy_assignment_es_deploy_***) where identity is set to none. All the other deploy templates have a SystemAssigned identity.
https://github.com/Azure/ALZ-Bicep/blob/17edce484a4eef9d0d82951677bf927128efc4c2/infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json#L16
Could it be that ./infra-as-code/bicep/modules/policy/assignments/lib/policy_assignments/policy_assignment_es_deploy_asc_monitoring.tmpl.json needs a SystemAssigned identity too?
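The distinction drawn in the reply above, as an added example that is not part of the thread or of the ALZ-Bicep code: whether an assignment needs a managed identity depends on the effects of the definition it assigns (deployIfNotExists and modify are the remediable ones), not on a "deploy" in its name. The assignment names, the second definition ID and the effect lists are constructed sample data; only the initiative GUID comes from this page.

```python
# Effects whose remediation creates or changes resources; only assignments
# of definitions using these need a managed identity and can be remediated.
IDENTITY_EFFECTS = {"deployifnotexists", "modify"}

BENCHMARK = ("/providers/Microsoft.Authorization/policySetDefinitions/"
             "1f3afdf9-d0c9-4c3d-847f-89da613e70a8")
# Hypothetical custom definition, constructed for this example.
DEPLOY_DIAG = ("/providers/Microsoft.Management/managementGroups/example/providers/"
               "Microsoft.Authorization/policyDefinitions/example-deploy-diagnostics")

# Constructed effect inventory (assumption: in practice built by reading each
# definition's effect values); keys are lowercased definition IDs.
EFFECTS = {
    BENCHMARK.lower(): ["AuditIfNotExists", "Audit"],
    DEPLOY_DIAG.lower(): ["DeployIfNotExists"],
}

def _assignment(name, identity_type, definition_id):
    return {"name": name, "identity": {"type": identity_type},
            "properties": {"policyDefinitionId": definition_id}}

# Constructed assignments shaped like policy assignment template JSON.
ASSIGNMENTS = [
    _assignment("example-deploy-named-audit", "None", BENCHMARK),
    _assignment("example-deploy-diag", "None", DEPLOY_DIAG),
    _assignment("example-deploy-diag-ok", "SystemAssigned", DEPLOY_DIAG),
    _assignment("example-audit-with-identity", "SystemAssigned", BENCHMARK),
]

def review(assignment, effects_by_definition):
    """Return (verdict, remediable) for one policy assignment dict."""
    definition_id = assignment["properties"]["policyDefinitionId"].lower()
    effects = effects_by_definition.get(definition_id)
    if effects is None:
        return ("unknown-definition", False)
    needs_identity = any(e.lower() in IDENTITY_EFFECTS for e in effects)
    identity_type = (assignment.get("identity") or {}).get("type", "None")
    has_identity = identity_type.lower() != "none"
    if needs_identity and not has_identity:
        return ("missing-identity", False)   # remediation cannot run
    if has_identity and not needs_identity:
        return ("unneeded-identity", False)  # identity serves no effect
    return ("ok", needs_identity)

if __name__ == "__main__":
    for a in ASSIGNMENTS:
        print(a["name"], review(a, EFFECTS))
```
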