Open skeeler opened 2 years ago
From the Azure Policy docs:
Azure Policy evaluates resources in Azure by comparing the properties of those resources to business rules.
This presents a challenge for evaluating things that aren't Azure resources.
There are, despite the quote above, checks within Azure Policy that don't pertain to resources, e.g., MFA should be enabled on accounts with write permissions on your subscription. This is accomplished by the use of the Microsoft.Security/assessments resource type. These are very customizable, and can be referenced in Azure Policy.
To create an assessment, we first create an assessment metadata resource which defines the assessment criteria, remediation description, etc. Then, we create an assessment using the name/uuid of our assessment metadata, specifying the assessed resource and the status of the assessment.
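The two-step flow described in the issue body above, as an added example that is not part of the original issue or the project's code: it builds the two ARM PUT requests offline, without sending them. The API version, the property names (as recalled from the Microsoft.Security REST API), the subscription ID, the control key and the break-glass check itself are assumptions or constructed placeholders.

```python
import json
import uuid

ARM = "https://management.azure.com"
API_VERSION = "2020-01-01"  # assumed Microsoft.Security API version; verify before use
VALID_STATUS = {"Healthy", "Unhealthy", "NotApplicable"}


def assessment_name(control_key):
    """Derive a stable UUID from a control key so re-runs update the same
    assessment instead of creating duplicates (a design choice of this example)."""
    return str(uuid.uuid5(uuid.NAMESPACE_URL, control_key))


def metadata_request(subscription_id, name, display_name, remediation, severity="High"):
    """Step 1: the assessment metadata (criteria, remediation description, severity)."""
    url = (f"{ARM}/subscriptions/{subscription_id}/providers/"
           f"Microsoft.Security/assessmentMetadata/{name}?api-version={API_VERSION}")
    body = {"properties": {
        "displayName": display_name,
        "remediationDescription": remediation,
        "severity": severity,
        "assessmentType": "CustomerManaged",
    }}
    return {"method": "PUT", "url": url, "body": body}


def assessment_request(scope_id, name, status, description=""):
    """Step 2: the assessment itself, named after the metadata and created
    under the assessed scope, carrying the evaluated status."""
    if status not in VALID_STATUS:
        raise ValueError(f"status must be one of {sorted(VALID_STATUS)}")
    url = (f"{ARM}/{scope_id.strip('/')}/providers/"
           f"Microsoft.Security/assessments/{name}?api-version={API_VERSION}")
    body = {"properties": {
        "resourceDetails": {"source": "Azure"},
        "status": {"code": status, "description": description},
    }}
    return {"method": "PUT", "url": url, "body": body}


if __name__ == "__main__":
    sub = "00000000-0000-0000-0000-000000000000"  # constructed placeholder
    name = assessment_name("https://example.invalid/controls/breakglass")  # hypothetical key
    meta = metadata_request(sub, name, "Break-glass accounts should exist",
                            "Create two cloud-only emergency access accounts.")
    result = assessment_request(f"/subscriptions/{sub}", name, "Unhealthy",
                                "No emergency access accounts found.")
    for req in (meta, result):
        print(req["method"], req["url"])
        print(json.dumps(req["body"], indent=2))
```

Both requests need an ARM bearer token when actually sent; the check that decides the status value runs outside Azure Policy and only its result is written here.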
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 7 days.
Removed stale tag. Marking as blocked until upstream work is completed.
Dependent on https://github.com/Azure/GuardrailsSolutionAccelerator publishing custom assessment to Microsoft Defender for Cloud.