Closed leslieRD closed 9 months ago
Policy Id: /providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517
Definition
"policyRule": {
  "if": {
    "field": "type",
    "equals": "Microsoft.Network/virtualNetworks/subnets"
  },
  "then": {
    "effect": "[parameters('effect')]",
    "details": {
      "type": "Microsoft.Security/assessments",
      "name": "eade5b56-eefd-444f-95c8-23f29e5d93cb",
      "existenceCondition": {
        "field": "Microsoft.Security/assessments/status.code",
        "in": [
          "NotApplicable",
          "Healthy"
        ]
      }
    }
  }
}
This policy definition depends on Defender for Cloud (DfC) to evaluate each subnet to make sure they are associated with a Network Security Group (NSG). Based on the evaluation, DfC will annotate the status as:
The policy definition will mark the subnet as compliant if the status is either Healthy or NotApplicable. In your case, can you check:
NotFound, then it implies DfC has not run on your subscription and therefore policy cannot verify compliance. If this is the case, can you open a support case for an engineer to review?

This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 7 days.
After deploying the Canadian Pub Sector Landing Zone, the state of a lot of resources has been labeled as non-compliant.
Most of these subnets have already been associated with an NSG.
Any help please.
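
The following is an added example, not code from this thread or from the landing zone project. It is a simplified local model of the policy rule quoted above, showing why a subnet that already has an NSG is still reported non-compliant when no Defender for Cloud assessment exists for it. It assumes the `effect` parameter resolves to an audit-if-not-exists style effect; the record shapes, the `scope` and `nsg` keys, and all sample resources are constructed.

```python
# Added illustration: a simplified local model of the policy rule quoted in this
# thread. Record shapes and sample data are constructed, not Azure API output.
SUBNET_TYPE = "Microsoft.Network/virtualNetworks/subnets"
ASSESSMENT_TYPE = "Microsoft.Security/assessments"
ASSESSMENT_NAME = "eade5b56-eefd-444f-95c8-23f29e5d93cb"  # from the policy definition
PASSING_CODES = {"NotApplicable", "Healthy"}              # existenceCondition "in" list


def evaluate(resource, assessments):
    """Return (compliance_state, reason) for one resource."""
    if resource["type"].lower() != SUBNET_TYPE.lower():
        return "NotEvaluated", "resource type does not match the rule's 'if'"
    # Assumption: 'scope' (hypothetical key) names the resource an assessment covers.
    related = [a for a in assessments
               if a["type"] == ASSESSMENT_TYPE and a["name"] == ASSESSMENT_NAME
               and a["scope"].lower() == resource["id"].lower()]
    if not related:
        # The subnet's own NSG setting is never read by this rule.
        return "NonCompliant", "NotFound: no assessment exists for this subnet"
    codes = [a["status"]["code"] for a in related]
    passing = [c for c in codes if c in PASSING_CODES]
    if passing:
        return "Compliant", "assessment status is " + passing[0]
    return "NonCompliant", "assessment status is " + codes[0]


def _subnet(name, nsg):
    # Constructed resource ID with a placeholder subscription.
    base = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
    rid = f"{base}/providers/{SUBNET_TYPE.split('/subnets')[0]}/vnet-example/subnets/{name}"
    return {"id": rid, "type": SUBNET_TYPE, "nsg": nsg}


def _assessment(subnet, code):
    return {"type": ASSESSMENT_TYPE, "name": ASSESSMENT_NAME,
            "scope": subnet["id"], "status": {"code": code}}


# Constructed sample: "data" has an NSG but has not been assessed yet.
SUBNETS = [_subnet("app", "nsg-app"), _subnet("data", "nsg-data"), _subnet("mgmt", None)]
ASSESSMENTS = [_assessment(SUBNETS[0], "Healthy"), _assessment(SUBNETS[2], "Unhealthy")]


def report():
    return {s["id"].rsplit("/", 1)[-1]: evaluate(s, ASSESSMENTS) for s in SUBNETS}


if __name__ == "__main__":
    for name, (state, reason) in report().items():
        print(f"{name:5} {state:13} {reason}")
```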