Azure / azure-policy

Repository for Azure Resource Policy built-in definitions and samples
MIT License

Provide parameters to Audit or Disable the scan of Microsoft Defender options #1333

Open JamesDLD opened 3 months ago

JamesDLD commented 3 months ago

Details of the scenario you tried and the problem that is occurring

Depending on the client context, some Microsoft Defender features need to be disabled through the portal or as code, but we would like to stop auditing those via Policy so that we have a relevant KPI.

It could be disabled for a POC subscription or because the client is not ready to subscribe to one Defender feature.

Verbose logs showing the problem

The "Microsoft Cloud Security Benchmark" KPI then needs to be in line with the client's choice.

Suggested solution to the issue

Add parameters on the policy set "Microsoft Cloud Security Benchmark" like the following ones:

```json
{
  "assignment": {
      "name": "Deploy-ASC-Monitoring",
      "displayName": "Microsoft Cloud Security Benchmark",
      "description": "Microsoft Cloud Security Benchmark policy initiative"
  },
  "definitionEntry": {
      "policySetId": "/providers/Microsoft.Authorization/policySetDefinitions/1f3afdf9-d0c9-4c3d-847f-89da613e70a8",
      "displayName": "Microsoft Cloud Security Benchmark"
  },
  "parameters": {
      "enableDefenderForApis": "Disabled",
      "defenderForStorageShouldBeEnabledMonitoring": "Disabled",
      "virtualMachinesAdvancedThreatProtectionMonitoringEffect": "Disabled",
      "keyVaultsAdvancedDataSecurityMonitoringEffect": "Disabled",
      "AzureDefenderForOpenSourceRelationalDatabasesShouldBeEnabledMonitoringEffect": "Disabled",
      "MicrosoftDefenderCSPMShouldBeEnabledMonitoringEffect": "Disabled",
      "appServicesAdvancedThreatProtectionMonitoringEffect": "Disabled",
      "containersAdvancedThreatProtectionMonitoringEffect": "Disabled",
      "AzureDefenderForResourceManagerShouldBeEnabledMonitoringEffect": "Disabled",
      "sqlServersAdvancedDataSecurityMonitoringEffect": "Disabled",
      "sqlServersVirtualMachinesAdvancedDataSecurityMonitoringEffect": "Disabled",
      "storageAccountsAdvancedDataSecurityMonitoringEffect": "Disabled"
  }
}
```
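As an added example (not code from the issue or from this repository), a pre-assignment check a policy-as-code pipeline could run: it verifies that every parameter passed to the initiative exists in the policy set definition's `parameters` block with an allowed value, and lists which Defender audits the assignment switches off so the KPI exclusion is explicit and reviewable. The definition excerpt below is constructed for the example; the real initiative's parameter list should be read from `az policy set-definition show`.

```python
import json

# Constructed assignment parameters, modelled on the issue's suggested block,
# with one deliberate typo and one audit left enabled to exercise the checks.
ASSIGNMENT_PARAMETERS = {
    "enableDefenderForApis": "Disabled",
    "defenderForStorageShouldBeEnabledMonitoring": "Disabled",
    "virtualMachinesAdvancedThreatProtectionMonitoringEffect": "Disabled",
    "sqlServersAdvancedDataSecurityMonitoringEffect": "AuditIfNotExists",
    "keyVaultsAdvancedDataSecurityMonitoringEffect": "Audit",
    "storageAcountsAdvancedDataSecurityMonitoringEffect": "Disabled",  # misspelt on purpose
}

# Constructed stand-in for the "parameters" section of the policy set definition
# (hypothetical allowed values; the real MCSB definition may differ).
POLICY_SET_DEFINITION = {
    "parameters": {
        name: {"type": "String",
               "allowedValues": ["AuditIfNotExists", "Disabled"],
               "defaultValue": "AuditIfNotExists"}
        for name in [
            "enableDefenderForApis",
            "defenderForStorageShouldBeEnabledMonitoring",
            "virtualMachinesAdvancedThreatProtectionMonitoringEffect",
            "sqlServersAdvancedDataSecurityMonitoringEffect",
            "keyVaultsAdvancedDataSecurityMonitoringEffect",
            "storageAccountsAdvancedDataSecurityMonitoringEffect",
        ]
    }
}


def check_assignment(params, definition):
    """Return unknown names, disallowed values and the list of disabled audits."""
    declared = definition["parameters"]
    unknown = sorted(n for n in params if n not in declared)
    not_allowed = {n: v for n, v in params.items()
                   if n in declared and v not in declared[n].get("allowedValues", [v])}
    disabled = sorted(n for n, v in params.items() if n in declared and v == "Disabled")
    # Declared controls that the assignment leaves at their default effect.
    defaulted = sorted(n for n in declared if n not in params)
    return {"unknown": unknown, "not_allowed": not_allowed,
            "disabled": disabled, "defaulted": defaulted}


if __name__ == "__main__":
    print(json.dumps(check_assignment(ASSIGNMENT_PARAMETERS, POLICY_SET_DEFINITION), indent=2))
```

A non-empty `unknown` or `not_allowed` result should fail the pipeline before the assignment is deployed; the `disabled` list is what the KPI report should carry as intentionally excluded controls.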