cds-snc
diff --git a/‎policy/custom/definitions/policyset/DefenderForCloud.bicep‎
Lines changed: 19 additions & 24 deletions b/‎policy/custom/definitions/policyset/DefenderForCloud.bicep‎
Lines changed: 19 additions & 24 deletions
diff --git a/‎policy/custom/definitions/policyset/DefenderForCloud.parameters.json‎
Lines changed: 1 addition & 3 deletions b/‎policy/custom/definitions/policyset/DefenderForCloud.parameters.json‎
Lines changed: 1 addition & 3 deletions
@@ -9,11 +9,6 @@
 
 targetScope = 'managementGroup'
 
-@description('Management Group scope for the policy definition.')
-param policyDefinitionManagementGroupId string
-
-var customPolicyDefinitionMgScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)
-
 resource ascAzureDefender 'Microsoft.Authorization/policySetDefinitions@2020-03-01' = {
   name: 'custom-enable-azure-defender'
   properties: {
@@ -29,151 +24,151 @@ resource ascAzureDefender 'Microsoft.Authorization/policySetDefinitions@2020-03-
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '361c2074-3595-4e5d-8cab-4f21dffc835c')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '361c2074-3595-4e5d-8cab-4f21dffc835c')
         policyDefinitionReferenceId: toLower(replace('Deploy Advanced Threat Protection on Storage Accounts', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '36d49e87-48c4-4f2e-beed-ba4ed02b71f5')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '36d49e87-48c4-4f2e-beed-ba4ed02b71f5')
         policyDefinitionReferenceId: toLower(replace('Deploy Threat Detection on SQL servers', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'feedbf84-6b99-488c-acc2-71c829aa5ffc')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'feedbf84-6b99-488c-acc2-71c829aa5ffc')
         policyDefinitionReferenceId: toLower(replace('Vulnerabilities on your SQL databases should be remediated', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '6134c3db-786f-471e-87bc-8f479dc890f6')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '6134c3db-786f-471e-87bc-8f479dc890f6')
         policyDefinitionReferenceId: toLower(replace('Deploy Advanced Data Security on SQL servers', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')
         policyDefinitionReferenceId: toLower(replace('Vulnerabilities in security configuration on your virtual machine scale sets should be remediated', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15')
         policyDefinitionReferenceId: toLower(replace('Vulnerabilities in security configuration on your machines should be remediated', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '501541f7-f7e7-4cd6-868c-4190fdad3ac9')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '501541f7-f7e7-4cd6-868c-4190fdad3ac9')
         policyDefinitionReferenceId: toLower(replace('vulnerability assessment solution should be enabled on your virtual machines', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '13ce0167-8ca6-4048-8e6b-f996402e3c1b')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '13ce0167-8ca6-4048-8e6b-f996402e3c1b')
         policyDefinitionReferenceId: toLower(replace('Configure machines to receive the Qualys vulnerability assessment agent', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '1f725891-01c0-420a-9059-4fa46cb770b7')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '1f725891-01c0-420a-9059-4fa46cb770b7')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Key Vaults to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for App Service to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'b7021b2b-08fd-4dc0-9de7-3c6ece09faf9')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'b7021b2b-08fd-4dc0-9de7-3c6ece09faf9')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Resource Manager to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '2370a3c1-4a25-4283-a91a-c9c1a145fb2f')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '2370a3c1-4a25-4283-a91a-c9c1a145fb2f')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for DNS to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '44433aa3-7ec2-4002-93ea-65c65ff0310a')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '44433aa3-7ec2-4002-93ea-65c65ff0310a')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for open-source relational databases to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'b99b73e7-074b-4089-9395-b7236f094491')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'b99b73e7-074b-4089-9395-b7236f094491')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Azure SQL database to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '50ea7265-7d8c-429e-9a7d-ca1f410191c3')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '50ea7265-7d8c-429e-9a7d-ca1f410191c3')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for SQL servers on machines to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '74c30959-af11-47b3-9ed2-a26e03f427a3')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '74c30959-af11-47b3-9ed2-a26e03f427a3')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Storage to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '8e86a5b6-b9bd-49d1-8e21-4bb8a0862222')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '8e86a5b6-b9bd-49d1-8e21-4bb8a0862222')
         policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for servers to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'c9ddb292-b203-4738-aead-18e2716e858f')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'c9ddb292-b203-4738-aead-18e2716e858f')
         policyDefinitionReferenceId: toLower(replace('Configure Microsoft Defender for Containers to be enabled', ' ', '-'))
         parameters: {}
       }
       {
         groupNames: [
           'EXTRA'
         ]
-        policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '82bf5b87-728b-4a74-ba4d-6123845cf542')
+        policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '82bf5b87-728b-4a74-ba4d-6123845cf542')
         policyDefinitionReferenceId: toLower(replace('Configure Microsoft Defender for Azure Cosmos DB to be enabled', ' ', '-'))
         parameters: {}
       }
 
@@ -2,8 +2,6 @@
     "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
     "contentVersion": "1.0.0.0",
     "parameters": {
-        "policyDefinitionManagementGroupId": {
-            "value": "{{var-topLevelManagementGroupName}}"
-        }
+
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -9,11 +9,6 @@`
`9`	`9`
`10`	`10`	`targetScope = 'managementGroup'`
`11`	`11`
`12`		`-@description('Management Group scope for the policy definition.')`
`13`		`-param policyDefinitionManagementGroupId string`
`14`		`-`
`15`		`-var customPolicyDefinitionMgScope = tenantResourceId('Microsoft.Management/managementGroups', policyDefinitionManagementGroupId)`
`16`		`-`
`17`	`12`	`resource ascAzureDefender 'Microsoft.Authorization/policySetDefinitions@2020-03-01' = {`
`18`	`13`	`name: 'custom-enable-azure-defender'`
`19`	`14`	`properties: {`
`@@ -29,151 +24,151 @@ resource ascAzureDefender 'Microsoft.Authorization/policySetDefinitions@2020-03-`
`29`	`24`	`groupNames: [`
`30`	`25`	`'EXTRA'`
`31`	`26`	`]`
`32`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '361c2074-3595-4e5d-8cab-4f21dffc835c')`
	`27`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '361c2074-3595-4e5d-8cab-4f21dffc835c')`
`33`	`28`	`policyDefinitionReferenceId: toLower(replace('Deploy Advanced Threat Protection on Storage Accounts', ' ', '-'))`
`34`	`29`	`parameters: {}`
`35`	`30`	`}`
`36`	`31`	`{`
`37`	`32`	`groupNames: [`
`38`	`33`	`'EXTRA'`
`39`	`34`	`]`
`40`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '36d49e87-48c4-4f2e-beed-ba4ed02b71f5')`
	`35`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '36d49e87-48c4-4f2e-beed-ba4ed02b71f5')`
`41`	`36`	`policyDefinitionReferenceId: toLower(replace('Deploy Threat Detection on SQL servers', ' ', '-'))`
`42`	`37`	`parameters: {}`
`43`	`38`	`}`
`44`	`39`	`{`
`45`	`40`	`groupNames: [`
`46`	`41`	`'EXTRA'`
`47`	`42`	`]`
`48`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'feedbf84-6b99-488c-acc2-71c829aa5ffc')`
	`43`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'feedbf84-6b99-488c-acc2-71c829aa5ffc')`
`49`	`44`	`policyDefinitionReferenceId: toLower(replace('Vulnerabilities on your SQL databases should be remediated', ' ', '-'))`
`50`	`45`	`parameters: {}`
`51`	`46`	`}`
`52`	`47`	`{`
`53`	`48`	`groupNames: [`
`54`	`49`	`'EXTRA'`
`55`	`50`	`]`
`56`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '6134c3db-786f-471e-87bc-8f479dc890f6')`
	`51`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '6134c3db-786f-471e-87bc-8f479dc890f6')`
`57`	`52`	`policyDefinitionReferenceId: toLower(replace('Deploy Advanced Data Security on SQL servers', ' ', '-'))`
`58`	`53`	`parameters: {}`
`59`	`54`	`}`
`60`	`55`	`{`
`61`	`56`	`groupNames: [`
`62`	`57`	`'EXTRA'`
`63`	`58`	`]`
`64`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')`
	`59`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4')`
`65`	`60`	`policyDefinitionReferenceId: toLower(replace('Vulnerabilities in security configuration on your virtual machine scale sets should be remediated', ' ', '-'))`
`66`	`61`	`parameters: {}`
`67`	`62`	`}`
`68`	`63`	`{`
`69`	`64`	`groupNames: [`
`70`	`65`	`'EXTRA'`
`71`	`66`	`]`
`72`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15')`
	`67`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15')`
`73`	`68`	`policyDefinitionReferenceId: toLower(replace('Vulnerabilities in security configuration on your machines should be remediated', ' ', '-'))`
`74`	`69`	`parameters: {}`
`75`	`70`	`}`
`76`	`71`	`{`
`77`	`72`	`groupNames: [`
`78`	`73`	`'EXTRA'`
`79`	`74`	`]`
`80`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '501541f7-f7e7-4cd6-868c-4190fdad3ac9')`
	`75`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '501541f7-f7e7-4cd6-868c-4190fdad3ac9')`
`81`	`76`	`policyDefinitionReferenceId: toLower(replace('vulnerability assessment solution should be enabled on your virtual machines', ' ', '-'))`
`82`	`77`	`parameters: {}`
`83`	`78`	`}`
`84`	`79`	`{`
`85`	`80`	`groupNames: [`
`86`	`81`	`'EXTRA'`
`87`	`82`	`]`
`88`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '13ce0167-8ca6-4048-8e6b-f996402e3c1b')`
	`83`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '13ce0167-8ca6-4048-8e6b-f996402e3c1b')`
`89`	`84`	`policyDefinitionReferenceId: toLower(replace('Configure machines to receive the Qualys vulnerability assessment agent', ' ', '-'))`
`90`	`85`	`parameters: {}`
`91`	`86`	`}`
`92`	`87`	`{`
`93`	`88`	`groupNames: [`
`94`	`89`	`'EXTRA'`
`95`	`90`	`]`
`96`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '1f725891-01c0-420a-9059-4fa46cb770b7')`
	`91`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '1f725891-01c0-420a-9059-4fa46cb770b7')`
`97`	`92`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Key Vaults to be enabled', ' ', '-'))`
`98`	`93`	`parameters: {}`
`99`	`94`	`}`
`100`	`95`	`{`
`101`	`96`	`groupNames: [`
`102`	`97`	`'EXTRA'`
`103`	`98`	`]`
`104`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d')`
	`99`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d')`
`105`	`100`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for App Service to be enabled', ' ', '-'))`
`106`	`101`	`parameters: {}`
`107`	`102`	`}`
`108`	`103`	`{`
`109`	`104`	`groupNames: [`
`110`	`105`	`'EXTRA'`
`111`	`106`	`]`
`112`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'b7021b2b-08fd-4dc0-9de7-3c6ece09faf9')`
	`107`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'b7021b2b-08fd-4dc0-9de7-3c6ece09faf9')`
`113`	`108`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Resource Manager to be enabled', ' ', '-'))`
`114`	`109`	`parameters: {}`
`115`	`110`	`}`
`116`	`111`	`{`
`117`	`112`	`groupNames: [`
`118`	`113`	`'EXTRA'`
`119`	`114`	`]`
`120`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '2370a3c1-4a25-4283-a91a-c9c1a145fb2f')`
	`115`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '2370a3c1-4a25-4283-a91a-c9c1a145fb2f')`
`121`	`116`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for DNS to be enabled', ' ', '-'))`
`122`	`117`	`parameters: {}`
`123`	`118`	`}`
`124`	`119`	`{`
`125`	`120`	`groupNames: [`
`126`	`121`	`'EXTRA'`
`127`	`122`	`]`
`128`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '44433aa3-7ec2-4002-93ea-65c65ff0310a')`
	`123`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '44433aa3-7ec2-4002-93ea-65c65ff0310a')`
`129`	`124`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for open-source relational databases to be enabled', ' ', '-'))`
`130`	`125`	`parameters: {}`
`131`	`126`	`}`
`132`	`127`	`{`
`133`	`128`	`groupNames: [`
`134`	`129`	`'EXTRA'`
`135`	`130`	`]`
`136`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'b99b73e7-074b-4089-9395-b7236f094491')`
	`131`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'b99b73e7-074b-4089-9395-b7236f094491')`
`137`	`132`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Azure SQL database to be enabled', ' ', '-'))`
`138`	`133`	`parameters: {}`
`139`	`134`	`}`
`140`	`135`	`{`
`141`	`136`	`groupNames: [`
`142`	`137`	`'EXTRA'`
`143`	`138`	`]`
`144`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '50ea7265-7d8c-429e-9a7d-ca1f410191c3')`
	`139`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '50ea7265-7d8c-429e-9a7d-ca1f410191c3')`
`145`	`140`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for SQL servers on machines to be enabled', ' ', '-'))`
`146`	`141`	`parameters: {}`
`147`	`142`	`}`
`148`	`143`	`{`
`149`	`144`	`groupNames: [`
`150`	`145`	`'EXTRA'`
`151`	`146`	`]`
`152`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '74c30959-af11-47b3-9ed2-a26e03f427a3')`
	`147`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '74c30959-af11-47b3-9ed2-a26e03f427a3')`
`153`	`148`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for Storage to be enabled', ' ', '-'))`
`154`	`149`	`parameters: {}`
`155`	`150`	`}`
`156`	`151`	`{`
`157`	`152`	`groupNames: [`
`158`	`153`	`'EXTRA'`
`159`	`154`	`]`
`160`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '8e86a5b6-b9bd-49d1-8e21-4bb8a0862222')`
	`155`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '8e86a5b6-b9bd-49d1-8e21-4bb8a0862222')`
`161`	`156`	`policyDefinitionReferenceId: toLower(replace('Configure Azure Defender for servers to be enabled', ' ', '-'))`
`162`	`157`	`parameters: {}`
`163`	`158`	`}`
`164`	`159`	`{`
`165`	`160`	`groupNames: [`
`166`	`161`	`'EXTRA'`
`167`	`162`	`]`
`168`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', 'c9ddb292-b203-4738-aead-18e2716e858f')`
	`163`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', 'c9ddb292-b203-4738-aead-18e2716e858f')`
`169`	`164`	`policyDefinitionReferenceId: toLower(replace('Configure Microsoft Defender for Containers to be enabled', ' ', '-'))`
`170`	`165`	`parameters: {}`
`171`	`166`	`}`
`172`	`167`	`{`
`173`	`168`	`groupNames: [`
`174`	`169`	`'EXTRA'`
`175`	`170`	`]`
`176`		`- policyDefinitionId: extensionResourceId(customPolicyDefinitionMgScope, 'Microsoft.Authorization/policyDefinitions', '82bf5b87-728b-4a74-ba4d-6123845cf542')`
	`171`	`+ policyDefinitionId: tenantResourceId('Microsoft.Authorization/policyDefinitions', '82bf5b87-728b-4a74-ba4d-6123845cf542')`
`177`	`172`	`policyDefinitionReferenceId: toLower(replace('Configure Microsoft Defender for Azure Cosmos DB to be enabled', ' ', '-'))`
`178`	`173`	`parameters: {}`
`179`	`174`	`}`
Original file line number	Diff line number	Diff line change
`@@ -2,8 +2,6 @@`
`2`	`2`	`"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",`
`3`	`3`	`"contentVersion": "1.0.0.0",`
`4`	`4`	`"parameters": {`
`5`		`- "policyDefinitionManagementGroupId": {`
`6`		`- "value": "{{var-topLevelManagementGroupName}}"`
`7`		`- }`
	`5`	`+`
`8`	`6`	`}`
`9`	`7`	`}`