How does Azure Policies in Enterprise-scale Landing Zone help?

Published 04-14-2021 09:59 AM 1,304 Views

Policy-driven Governance is a cornerstone in Enterprise-scale Landing Zone (ESLZ!).  It's possible to codify corporate, industry or country specific governance requirements declaratively using Azure Policy. ESLZ provides 90+ custom policies which help in meeting most common corporate governance requirements with a single click.

 

Benefits of these 90+ custom policies is documented in detail.

 

Following table lists these policies and the governance requirements they help in enforcing.  

 

Custom Policy in ESLZ Benefit

Deny-PublicIP

Deny-Public-Endpoints-for-PaaS-Services*

Prevent Public IP based services 
Deploy-Diag-LogAnalytics**
Enforce audit and log information collection
Deploy-Sql-Security
Provide comprehensive security for SQL Databases 
Deploy-Sql-Tde
Encrypt SQL data at rest 
Deploy-Sql-SecurityAlertPolicies
Enforce alerts for suspicious activity 
Deploy-Sql-AuditingSettings
Enforce audit trail of operations 
Deploy-Sql-vulnerabilityAssessments
Enforce evaluation against proven best practices 
Append-KV-SoftDelete
Protect against intentional/unintentional secret deletion 
Deny-AppGW-Without-WAF
Enforce Web Application Firewall (WAF)
Deny-IP-forwarding
Prevent IP forwarding on VMs 
Deny-Private-DNS-Zones
Enforce centralized DNS record management 
Deny-Subnet-Without-Nsg
Enforce network traffic control 
Deploy-ASC-Standard
Detect and protect against security threats by using Azure Security Center 
Deploy-AzureBackup-on-VM
Protect against ransomware attacks and other data-loss related issues
Deploy-DDoSProtection
Protect against DDoS attacks 
Deploy-DNSZoneGroup-For-*-PrivateEndpoint***
Auto-provision Private Link/Endpoint with Private DNS Zone 
Deploy-FirewallPolicy
Centrally manage firewall rules 
Deploy-HUB
Deny-VNetPeering
Provision Hub and Spoke Network topology 
Deploy-LA-Config
Provision default configuration for Azure Monitor 
Deploy-Log-Analytics
Enable Log Storage and Querying 
Deploy-*-Arc-Monitoring
Provision logging for Azure-Arc enabled servers 
Deploy-Nsg-FlowLogs
Enforce Network Traffic Log collection 
Deploy-vWAN
Deploy-vHUB
Provision at-scale network connectivity solution 
Deploy-VM-Backup
Provision backup for Azure VMs 
Deploy-vNet
Provision connectivity between Virtual Networks (VNets) 
Deploy-Windows-DomainJoin
Enforce Windows VMs to join AD Domain 

 

Deny-Public-Endpoints-for-PaaS-Services Policy Initiative includes following policies which apply on specific Azure services.
 
  1.     Deny-PublicEndpoint-CosmosDB
  2.     Deny-PublicEndpoint-MariaDB
  3.     Deny-PublicEndpoint-MySQL
  4.     Deny-PublicEndpoint-PostgreSql
  5.     Deny-PublicEndpoint-KeyVault
  6.     Deny-PublicEndpoint-Sql
  7.     Deny-PublicEndpoint-Storage
  8.     Deny-PublicEndpoint-Aks
  
Deploy-Diag-LogAnalytics PolicySet helps capturing Logs and Metrics as shown below.
 
Policy Name Log Categories Metrics
Deploy-Diagnostics-AA JobLogs JobStreams DscNodeStatus AllMetrics
Deploy-Diagnostics-ACI   AllMetrics
Deploy-Diagnostics-ACR   AllMetrics
Deploy-Diagnostics-ActivityLog Administrative Security ServiceHealth Alert Recommendation Policy Autoscale ResourceHealth  
Deploy-Diagnostics-AKS kube-audit kube-apiserver kube-controller-manager kube-scheduler cluster-autoscaler AllMetrics
Deploy-Diagnostics-AnalysisService Engine Service AllMetrics
Deploy-Diagnostics-APIMgmt GatewayLogs Gateway Requests Capacity EventHub Events
Deploy-Diagnostics-ApplicationGateway ApplicationGatewayAccessLog ApplicationGatewayPerformanceLog ApplicationGatewayFirewallLog AllMetrics
Deploy-Diagnostics-Batch ServiceLog AllMetrics
Deploy-Diagnostics-CDNEndpoints CoreAnalytics  
Deploy-Diagnostics-CognitiveServices Audit RequestResponse AllMetrics
Deploy-Diagnostics-CosmosDB DataPlaneRequests MongoRequests QueryRuntimeStatistics Requests"
Deploy-Diagnostics-DataFactory ActivityRuns PipelineRuns TriggerRuns AllMetrics
Deploy-Diagnostics-DataLakeStore Audit Requests AllMetrics
Deploy-Diagnostics-DLAnalytics Audit Requests AllMetrics
Deploy-Diagnostics-EventGridSub   AllMetrics
Deploy-Diagnostics-EventGridTopic   AllMetrics
Deploy-Diagnostics-EventHub ArchiveLogs OperationalLogs AutoScaleLogs AllMetrics
Deploy-Diagnostics-ExpressRoute PeeringRouteLog AllMetrics
Deploy-Diagnostics-Firewall AzureFirewallApplicationRule AzureFirewallNetworkRule AzureFirewallDnsProxy AllMetrics
Deploy-Diagnostics-HDInsight   AllMetrics
Deploy-Diagnostics-iotHub Connections DeviceTelemetry C2DCommands DeviceIdentityOperations FileUploadOperations Routes D2CTwinOperations C2DTwinOperations TwinQueries JobsOperations DirectMethods E2EDiagnostics Configurations AllMetrics
Deploy-Diagnostics-KeyVault AuditEvent AllMetrics
Deploy-Diagnostics-LoadBalancer LoadBalancerAlertEvent LoadBalancerProbeHealthStatus AllMetrics
Deploy-Diagnostics-LogicAppsISE IntegrationAccountTrackingEvents  
Deploy-Diagnostics-LogicAppsWF WorkflowRuntime AllMetrics
Deploy-Diagnostics-MlWorkspace AmlComputeClusterEvent AmlComputeClusterNodeEvent AmlComputeJobEvent AmlComputeCpuGpuUtilization AmlRunStatusChangedEvent Run Model Quota Resource
Deploy-Diagnostics-MySQL MySqlSlowLogs AllMetrics
Deploy-Diagnostics-NetworkSecurityGroups NetworkSecurityGroupEvent NetworkSecurityGroupRuleCounter  
Deploy-Diagnostics-NIC   AllMetrics
Deploy-Diagnostics-PostgreSQL PostgreSQLLogs AllMetrics
Deploy-Diagnostics-PowerBIEmbedded Engine AllMetrics
Deploy-Diagnostics-PublicIP DDoSProtectionNotifications DDoSMitigationFlowLogs DDoSMitigationReports AllMetrics
Deploy-Diagnostics-RecoveryVault CoreAzureBackup AddonAzureBackupAlerts AddonAzureBackupJobs AddonAzureBackupPolicy AddonAzureBackupProtectedInstance AddonAzureBackupStorage  
Deploy-Diagnostics-RedisCache   AllMetrics
Deploy-Diagnostics-Relay   AllMetrics
Deploy-Diagnostics-SearchServices OperationLogs AllMetrics
Deploy-Diagnostics-ServiceBus OperationalLogs AllMetrics
Deploy-Diagnostics-SignalR   AllMetrics
Deploy-Diagnostics-SQLDBs SQLInsights AutomaticTuning QueryStoreRuntimeStatistics QueryStoreWaitStatistics Errors DatabaseWaitStatistics Timeouts Blocks Deadlocks SQLSecurityAuditEvents AllMetrics
Deploy-Diagnostics-SQLElasticPools   AllMetrics
Deploy-Diagnostics-SQLMI ResourceUsageStats SQLSecurityAuditEvents  
Deploy-Diagnostics-StreamAnalytics Execution Authoring AllMetrics
Deploy-Diagnostics-TimeSeriesInsights   AllMetrics
Deploy-Diagnostics-TrafficManager ProbeHealthStatusEvents AllMetrics
Deploy-Diagnostics-VirtualNetwork VMProtectionAlerts AllMetrics
Deploy-Diagnostics-VM   AllMetrics
Deploy-Diagnostics-VMSS   AllMetrics
Deploy-Diagnostics-VNetGW GatewayDiagnosticLog IKEDiagnosticLog P2SDiagnosticLog RouteDiagnosticLog RouteDiagnosticLog TunnelDiagnosticLog AllMetrics
Deploy-Diagnostics-WebServerFarm   AllMetrics
Deploy-Diagnostics-Website   AllMetrics
 
PolicySet Deploy-DNSZoneGroup-For-*-PrivateEndpoint targets Azure services as shown below.
 
Policy Name Azure Service
Deploy-DNSZoneGroup-For-Blob-PrivateEndpoint Azure Storage Blob
Deploy-DNSZoneGroup-For-File-PrivateEndpoint
Azure Storage File
Deploy-DNSZoneGroup-For-Queue-PrivateEndpoint
Azure Storage Queue
Deploy-DNSZoneGroup-For-Table-PrivateEndpoint
Azure Storage Table
Deploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint
Azure KeyVault
Deploy-DNSZoneGroup-For-Sql-PrivateEndpoint
Azure SQL Database
 
 
1 Comment
Contributor

Nicely tabulated the policies

%3CLINGO-SUB%20id%3D%22lingo-sub-2121478%22%20slang%3D%22en-US%22%3EHow%20does%20Azure%20Policies%20in%20Enterprise-scale%20Landing%20Zone%20help%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2121478%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Fcloud-adoption-framework%2Fready%2Fenterprise-scale%2Fmanagement-group-and-subscription-organization%23policy-driven-governance%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPolicy-driven%20Governance%3C%2FA%3E%20is%20a%20cornerstone%20in%20%3CA%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnterprise-scale%20Landing%20Zone%3C%2FA%3E%26nbsp%3B(ESLZ!).%26nbsp%3B%20It's%20possible%20to%20codify%20corporate%2C%20industry%20or%20country%20specific%20governance%20requirements%20declaratively%20using%20Azure%20Policy.%20ESLZ%20provides%2090%2B%20custom%20policies%20which%20help%20in%20meeting%20most%20common%20corporate%20governance%20requirements%20with%20a%20single%20click.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBenefits%20of%20these%2090%2B%20custom%20policies%20is%20documented%20in%20detail.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFollowing%20table%20lists%20these%20policies%20and%20the%20governance%20requirements%20they%20help%20in%20enforcing.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CTABLE%20class%3D%22lia-align-left%22%20style%3D%22width%3A%20100%25%3B%22%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CSTRONG%3ECustom%20Poli%3C%2FSTRONG%3E%3CSTRONG%3Ecy%20in%20ESLZ%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CSTRONG%3EBenefit%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CP%3EDeny-PublicIP%3C%2FP%3E%0A%3CP%3E%3CEM%3E%3CSPAN%20style%3D%22background-color%3A%20transparent%3B%22%3EDeny-Public-Endpoints-for-PaaS-Services*%3C%2FSPAN%3E%3C%2FEM%3E%3C%2FP%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Prevent%20Public%20IP%20based%20services%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23prevent-public-ip-based-services%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPrevent%20Public%20IP%20based%20services%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CEM%3EDeploy-Diag-LogAnalytics**%3C%2FEM%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20audit%20and%20log%20information%20collection%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-audit-and-log-information-collection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20audit%20and%20log%20information%3C%2FA%3E%3CA%20title%3D%22Enforce%20audit%20and%20log%20information%20collection%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-audit-and-log-information-collection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E%20collecti%3C%2FA%3E%3CA%20title%3D%22Enforce%20audit%20and%20log%20information%20collection%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-audit-and-log-information-collection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Eon%3C%2FA%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-Sql-Security%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Provide%20comprehensive%20security%20for%20SQL%20Databases%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23provide-comprehensive-security-for-sql-databases%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvide%20comprehensive%20security%20for%20SQL%20Databases%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-Sql-Tde%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Encrypt%20SQL%20data%20at%20rest%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23encrypt-sql-data-at-rest%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEncrypt%20SQL%20data%20at%20rest%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-Sql-SecurityAlertPolicies%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20alerts%20for%20suspicious%20activity%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-alerts-for-suspicious-activity%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20alerts%20for%20suspicious%20activity%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-Sql-AuditingSettings%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20audit%20trail%20of%20operations%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-audit-trail-of-operations%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20audit%20trail%20of%20operations%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-Sql-vulnerabilityAssessments%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20evaluation%20against%20proven%20best%20practices%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-evaluation-against-proven-best-practices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20evaluation%20against%20proven%20best%20practices%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EAppend-KV-SoftDelete%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Protect%20against%20intentional%2Funintentional%20secret%20deletion%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23protect-against-intentionalunintentional-secret-deletion%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProtect%20against%20intentional%2Funintentional%20secret%20deletion%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeny-AppGW-Without-WAF%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20Web%20Application%20Firewall%20(WAF)%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-web-application-firewall-waf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20Web%20Application%20Firewall%20%3C%2FA%3E%3CA%20title%3D%22Enforce%20Web%20Application%20Firewall%20(WAF)%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-web-application-firewall-waf%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3E(WAF)%3C%2FA%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeny-IP-forwarding%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Prevent%20IP%20forwarding%20on%20VMs%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23prevent-ip-forwarding-on-vms%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EPrevent%20IP%20forwarding%20on%20VMs%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeny-Private-DNS-Zones%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20centralized%20DNS%20record%20management%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-centralized-dns-record-management%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20centralized%20DNS%20record%20management%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeny-Subnet-Without-Nsg%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20network%20traffic%20control%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-network-traffic-control%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20network%20traffic%20control%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-ASC-Standard%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Detect%20and%20protect%20against%20security%20threats%20by%20using%20Azure%20Security%20Center%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23detect-and-protect-against-security-threats-by-using-azure-security-center%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EDetect%20and%20protect%20against%20security%20threats%20by%20using%20Azure%20Security%20Center%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-AzureBackup-on-VM%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Protect%20against%20ransomware%20attacks%20and%20other%20data-loss%20related%20issues%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23protect-against-ransomware-attacks-and-other-data-loss-related-issues%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProtect%20against%20ransomware%20attacks%20and%20other%20dat%3C%2FA%3E%3CA%20title%3D%22Protect%20against%20ransomware%20attacks%20and%20other%20data-loss%20related%20issues%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23protect-against-ransomware-attacks-and-other-data-loss-related-issues%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ea-loss%20related%20issues%3C%2FA%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3EDeploy-DDoSProtection%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Protect%20against%20DDoS%20attacks%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23protect-against-ddos-attacks%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProtect%20against%20DDoS%20attacks%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3E%3CEM%3EDeploy-DNSZoneGroup-For-*-PrivateEndpoint%3C%2FEM%3E***%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Auto-provision%20Private%20Link%2FEndpoint%20with%20Private%20DNS%20Zone%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23auto-provision-private-linkendpoint-with-private-dns-zone%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EAuto-provision%20Private%20Link%2FEndpoint%20with%20Private%20DNS%20Zone%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-FirewallPolicy%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Centrally%20manage%20firewall%20rules%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23centrally-manage-firewall-rules%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3ECentrally%20manage%20firewall%20rules%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-HUB%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeny-VNetPeering%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Provision%20Hub%20and%20Spoke%20Network%20topology%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23provision-hub-and-spoke-network-topology%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvision%20Hub%20and%20Spoke%20Network%20topology%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-LA-Config%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Provision%20default%20configuration%20for%20Azure%20Monitor%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23provision-default-configuration-for-azure-monitor%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvision%20default%20configuration%20for%20Azure%20Monitor%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-Log-Analytics%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enable%20Log%20Storage%20and%20Querying%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enable-log-storage-and-querying%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnable%20Log%20Storage%20and%20Querying%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-*-Arc-Monitoring%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Provision%20logging%20for%20Azure-Arc%20enabled%20servers%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23provision-logging-for-azure-arc-enabled-servers%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvision%20logging%20for%20Azure-Arc%20enabled%20servers%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-Nsg-FlowLogs%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20Network%20Traffic%20Log%20collection%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-network-traffic-log-collection%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20Network%20Traffic%20Log%20collection%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-vWAN%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-vHUB%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Provision%20at-scale%20network%20connectivity%20solution%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23provision-at-scale-network-connectivity-solution%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvision%20at-scale%20network%20connectivity%20solution%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-VM-Backup%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Provision%20backup%20for%20Azure%20VMs%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23provision-backup-for-azure-vms%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvision%20backup%20for%20Azure%20VMs%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-vNet%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2256px%22%3E%3CA%20title%3D%22Provision%20connectivity%20between%20Virtual%20Networks%20(VNets)%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23provision-connectivity-between-virtual-networks-vnets%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EProvision%20connectivity%20between%20Virtual%20Networks%20(VNets)%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3EDeploy-Windows-DomainJoin%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FDIV%3E%0A%3C%2FTD%3E%0A%3CTD%20width%3D%2233.333333333333336%25%22%20height%3D%2228px%22%3E%3CA%20title%3D%22Enforce%20Windows%20VMs%20to%20join%20AD%20Domain%22%20href%3D%22https%3A%2F%2Fgithub.com%2FAzure%2FEnterprise-Scale%2Fblob%2Fmain%2Fdocs%2Freference%2Fazpol.md%23enforce-windows-vms-to-join-ad-domain%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3EEnforce%20Windows%20VMs%20to%20join%20AD%20Domain%3C%2FA%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CDIV%3E%0A%3CDIV%3E%3CSPAN%3E%3CEM%3EDeny-Public-Endpoints-for-PaaS-Services%3C%2FEM%3E%20Policy%20Initiative%20includes%20following%20policies%20which%20apply%20on%20specific%20Azure%20services.%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%0A%3CDIV%3E%0A%3COL%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-CosmosDB%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-MariaDB%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-MySQL%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-PostgreSql%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-KeyVault%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-Sql%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-Storage%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%26nbsp%3B%26nbsp%3BDeny-PublicEndpoint-Aks%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3C%2FDIV%3E%3CSPAN%3E%26nbsp%3B%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%3CSPAN%3E%3CEM%3EDeploy-Diag-LogAnalytics%3C%2FEM%3E%20PolicySet%20helps%20capturing%20Logs%20and%20Metrics%20as%20shown%20below.%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%0A%3CTABLE%20class%3D%22lia-align-left%22%20style%3D%22border-collapse%3A%20collapse%3B%20width%3A%20100%25%3B%22%20border%3D%221%22%20width%3D%22100%25%22%20cellspacing%3D%220%22%20cellpadding%3D%220%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20height%3D%2228px%22%20style%3D%22width%3A%2048pt%3B%22%3E%3CSTRONG%3EPolicy%20Name%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20height%3D%2228px%22%20style%3D%22width%3A%2048pt%3B%22%3E%3CSTRONG%3ELog%20Categories%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20height%3D%2228px%22%20style%3D%22width%3A%2048pt%3B%22%3E%3CSTRONG%3EMetrics%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20width%3D%2264%22%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%20width%3A%2048pt%3B%22%3EDeploy-Diagnostics-AA%3C%2FTD%3E%0A%3CTD%20width%3D%2264%22%20height%3D%2214px%22%20style%3D%22width%3A%2048pt%3B%22%3EJobLogs%20JobStreams%20DscNodeStatus%3C%2FTD%3E%0A%3CTD%20width%3D%2264%22%20height%3D%2214px%22%20style%3D%22width%3A%2048pt%3B%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-ACI%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-ACR%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-ActivityLog%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAdministrative%20Security%20ServiceHealth%20Alert%20Recommendation%20Policy%20Autoscale%20ResourceHealth%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-AKS%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3Ekube-audit%20kube-apiserver%20kube-controller-manager%20kube-scheduler%20cluster-autoscaler%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-AnalysisService%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EEngine%20Service%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-APIMgmt%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EGatewayLogs%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EGateway%20Requests%20Capacity%20EventHub%20Events%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-ApplicationGateway%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EApplicationGatewayAccessLog%20ApplicationGatewayPerformanceLog%20ApplicationGatewayFirewallLog%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-Batch%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EServiceLog%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-CDNEndpoints%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3ECoreAnalytics%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-CognitiveServices%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAudit%20RequestResponse%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-CosmosDB%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EDataPlaneRequests%20MongoRequests%20QueryRuntimeStatistics%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3ERequests%22%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-DataFactory%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EActivityRuns%20PipelineRuns%20TriggerRuns%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-DataLakeStore%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAudit%20Requests%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-DLAnalytics%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAudit%20Requests%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-EventGridSub%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-EventGridTopic%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-EventHub%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EArchiveLogs%20OperationalLogs%20AutoScaleLogs%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-ExpressRoute%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EPeeringRouteLog%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-Firewall%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAzureFirewallApplicationRule%20AzureFirewallNetworkRule%20AzureFirewallDnsProxy%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-HDInsight%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-iotHub%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EConnections%20DeviceTelemetry%20C2DCommands%20DeviceIdentityOperations%20FileUploadOperations%20Routes%20D2CTwinOperations%20C2DTwinOperations%20TwinQueries%20JobsOperations%20DirectMethods%20E2EDiagnostics%20Configurations%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-KeyVault%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAuditEvent%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-LoadBalancer%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3ELoadBalancerAlertEvent%20LoadBalancerProbeHealthStatus%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-LogicAppsISE%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EIntegrationAccountTrackingEvents%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-LogicAppsWF%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EWorkflowRuntime%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-MlWorkspace%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAmlComputeClusterEvent%20AmlComputeClusterNodeEvent%20AmlComputeJobEvent%20AmlComputeCpuGpuUtilization%20AmlRunStatusChangedEvent%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3ERun%20Model%20Quota%20Resource%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-MySQL%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EMySqlSlowLogs%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-NetworkSecurityGroups%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3ENetworkSecurityGroupEvent%20NetworkSecurityGroupRuleCounter%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-NIC%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-PostgreSQL%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EPostgreSQLLogs%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-PowerBIEmbedded%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EEngine%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-PublicIP%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EDDoSProtectionNotifications%20DDoSMitigationFlowLogs%20DDoSMitigationReports%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-RecoveryVault%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3ECoreAzureBackup%20AddonAzureBackupAlerts%20AddonAzureBackupJobs%20AddonAzureBackupPolicy%20AddonAzureBackupProtectedInstance%20AddonAzureBackupStorage%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-RedisCache%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-Relay%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-SearchServices%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EOperationLogs%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-ServiceBus%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EOperationalLogs%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-SignalR%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-SQLDBs%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3ESQLInsights%20AutomaticTuning%20QueryStoreRuntimeStatistics%20QueryStoreWaitStatistics%20Errors%20DatabaseWaitStatistics%20Timeouts%20Blocks%20Deadlocks%20SQLSecurityAuditEvents%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-SQLElasticPools%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-SQLMI%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EResourceUsageStats%20SQLSecurityAuditEvents%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-StreamAnalytics%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EExecution%20Authoring%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-TimeSeriesInsights%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-TrafficManager%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EProbeHealthStatusEvents%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-VirtualNetwork%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EVMProtectionAlerts%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-VM%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-VMSS%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-VNetGW%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EGatewayDiagnosticLog%20IKEDiagnosticLog%20P2SDiagnosticLog%20RouteDiagnosticLog%20RouteDiagnosticLog%20TunnelDiagnosticLog%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-WebServerFarm%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%20style%3D%22height%3A%2014.5pt%3B%22%3E%0A%3CTD%20height%3D%2214px%22%20style%3D%22height%3A%2014.5pt%3B%22%3EDeploy-Diagnostics-Website%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3E%26nbsp%3B%3C%2FTD%3E%0A%3CTD%20height%3D%2214px%22%3EAllMetrics%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%0A%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3EPolicySet%26nbsp%3B%3CSPAN%3E%3CEM%3EDeploy-DNSZoneGroup-For-*-PrivateEndpoint%20%3C%2FEM%3Etargets%20Azure%20services%20as%20shown%20below.%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3CDIV%3E%0A%3CTABLE%20class%3D%22lia-align-left%22%20style%3D%22width%3A%20100%25%3B%22%20border%3D%221%22%20width%3D%22100%25%22%3E%0A%3CTBODY%3E%0A%3CTR%3E%0A%3CTD%20width%3D%2250%25%22%3E%3CSTRONG%3EPolicy%20Name%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3CTD%20width%3D%2250%25%22%3E%3CSTRONG%3EAzure%20Service%3C%2FSTRONG%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CSPAN%3EDeploy-DNSZoneGroup-For-Blob-PrivateEndpoint%3C%2FSPAN%3E%3C%2FTD%3E%0A%3CTD%3E%3CSPAN%3EAzure%20Storage%20Blob%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CSPAN%3EDeploy-DNSZoneGroup-For-File-PrivateEndpoint%3C%2FSPAN%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3CTD%3E%3CSPAN%3EAzure%20Storage%20File%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CSPAN%3EDeploy-DNSZoneGroup-For-Queue-PrivateEndpoint%3C%2FSPAN%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3CTD%3E%3CSPAN%3EAzure%20Storage%20Queue%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CSPAN%3EDeploy-DNSZoneGroup-For-Table-PrivateEndpoint%3C%2FSPAN%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3CTD%3E%3CSPAN%3EAzure%20Storage%20Table%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CSPAN%3EDeploy-DNSZoneGroup-For-KeyVault-PrivateEndpoint%3C%2FSPAN%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3CTD%3E%3CSPAN%3EAzure%20KeyVault%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3CTR%3E%0A%3CTD%3E%3CSPAN%3EDeploy-DNSZoneGroup-For-Sql-PrivateEndpoint%3C%2FSPAN%3E%3CSPAN%3E%3CBR%20%2F%3E%3C%2FSPAN%3E%3C%2FTD%3E%0A%3CTD%3E%3CSPAN%3EAzure%20SQL%20Database%3C%2FSPAN%3E%3C%2FTD%3E%0A%3C%2FTR%3E%0A%3C%2FTBODY%3E%0A%3C%2FTABLE%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3C%2FDIV%3E%0A%3CDIV%3E%26nbsp%3B%3C%2FDIV%3E%0A%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-2121478%22%20slang%3D%22en-US%22%3E%3CP%3EAre%20you%20struggling%20to%20enforce%20corporate%2C%20industry%20or%20regulatory%20compliance%20requirements%20for%20applications%20running%20in%20Azure%3F%20Are%20you%20not%20sure%20how%20will%20you%20consistently%20apply%20governance%20requirements%20for%20new%20applications%3F%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-2121478%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EApplication%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EInfrastructure%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2299744%22%20slang%3D%22en-US%22%3ERe%3A%20How%20does%20Azure%20Policies%20in%20Enterprise-scale%20Landing%20Zone%20help%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2299744%22%20slang%3D%22en-US%22%3E%3CP%3ENicely%20tabulated%20the%20policies%3C%2FP%3E%3C%2FLINGO-BODY%3E
Co-Authors
Version history
Last update:
‎Apr 14 2021 01:50 AM
Updated by: