Support for managing Regulatory Compliance in Microsoft Defender for Cloud

[jsun9406]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

While working on using Terraform to manage Microsoft Defender for Cloud.

I am trying to find a way to enable/disable Regulatory Compliance in Security Policy via Terraform (see below screenshot). Is there a such resource type in Terraform can achieve this?

New or Affected Resource(s)/Data Source(s)

azurerm_security_center

Potential Terraform Configuration

No response

References

No response

[nickel-tyler]

I think you would just use azurerm_policy_assignment's for built-in policies under the category 'Regulatory Compliance', and once you do this Azure will 'detect' this under the Security Policy blade. You can do something similar to enable the Defender plan features, as some/most of the features are backed by Azure Policy.

Regulatory Compliance built-in policies

Evidence that policy assignments can be used enable some defender plan settings