This is a duplicate of #1312 but since it is closed without a proper resolution I am opening a new issue.
Details of the scenario you tried and the problem that is occurring
The rule Email notification for high severity alerts should be enabled in CIS 1.1.0 is broken. We have configured 100+ subscriptions correctly and since a few weeks back every subscription is listed as non-compliant with this policy.
This is a duplicate of #1312 but since it is closed without a proper resolution I am opening a new issue.
Details of the scenario you tried and the problem that is occurring
The rule Email notification for high severity alerts should be enabled in CIS 1.1.0 is broken. We have configured 100+ subscriptions correctly and since a few weeks back every subscription is listed as non-compliant with this policy.
Verbose logs showing the problem
N/A
Suggested solution to the issue
The suggested solution in #1312 is to replace the
anyOf
withallOf
here https://github.com/Azure/azure-policy/blob/fb3a632a61e36f32a79875c50d75f3f72d8a6c36/built-in-policies/policyDefinitions/Security%20Center/ASC_Email_notification.json#L37If policy is Guest Configuration - details about target node
N/A