Open AZMadeEZ opened 11 months ago
+1, I am trying to find the policy rules used by this Assessment and it is not clear where those policy rules can be found.
For example, does the Assessment used by this Policy Definition mirror the ALZ policy definition convention which excludes Subnets named ["GatewaySubnet","AzureFirewallSubnet","AzureFirewallManagementSubnet"]?
Details of the scenario you tried and the problem that is occurring
The policy used in the HIPAA HiTrust policy set references a security assessment that is no longer used, and will always show false instead of looking at the configuration of the resource. Line 8056 of https://github.com/Azure/azure-policy/blob/master/built-in-policies/policySetDefinitions/Regulatory%20Compliance/HIPAA_HITRUST_audit.json references the policy /providers/Microsoft.Authorization/policyDefinitions/e71308d3-144b-4262-b144-efdc3cc90517 which no longer works.
Verbose logs showing the problem
Suggested solution to the issue
Replace this with a policy that references the configuration of the subnet having a network security group rather than a security assessment.
If policy is Guest Configuration - details about target node
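An added example, not part of the issue or of the azure-policy repository: a small Python check that lists which entries of a policy set definition reference the policy definition GUID named above, so the same lookup can be repeated over other initiative files. The sample initiative, its reference IDs, group names and the all-zero GUID are constructed placeholders; only the target GUID comes from the issue.

```python
import json
import re

# GUID of the assessment-based policy definition named in the issue above.
TARGET_GUID = "e71308d3-144b-4262-b144-efdc3cc90517"

# Constructed sample in the shape of a policy set definition file; the
# reference IDs, group names and the all-zero GUID are placeholders.
SAMPLE_POLICY_SET = json.loads("""
{
  "properties": {
    "displayName": "Constructed sample initiative",
    "policyDefinitions": [
      {
        "policyDefinitionReferenceId": "sample-ref-1",
        "policyDefinitionId": "/providers/Microsoft.Authorization/policyDefinitions/00000000-0000-0000-0000-000000000000",
        "groupNames": ["sample-group-a"]
      },
      {
        "policyDefinitionReferenceId": "sample-ref-2",
        "policyDefinitionId": "/providers/microsoft.authorization/policydefinitions/E71308D3-144B-4262-B144-EFDC3CC90517",
        "groupNames": ["sample-group-b"]
      }
    ]
  }
}
""")

GUID_AT_END = re.compile(r"/policyDefinitions/([0-9a-f-]{36})/?$", re.IGNORECASE)


def find_references(policy_set, target_guid):
    """Return the initiative entries whose policyDefinitionId ends in target_guid."""
    # Use the "properties" wrapper when present, otherwise the top level.
    body = policy_set.get("properties", policy_set)
    hits = []
    for index, entry in enumerate(body.get("policyDefinitions", [])):
        match = GUID_AT_END.search(entry.get("policyDefinitionId", ""))
        # Azure resource IDs are case-insensitive, so compare lowercased GUIDs.
        if match and match.group(1).lower() == target_guid.lower():
            hits.append({
                "index": index,
                "referenceId": entry.get("policyDefinitionReferenceId"),
                "groupNames": entry.get("groupNames", []),
            })
    return hits


if __name__ == "__main__":
    for hit in find_references(SAMPLE_POLICY_SET, TARGET_GUID):
        print(hit)
```

To check a real initiative, load its JSON file with `json.load` and pass the result to `find_references` in place of the constructed sample.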