policyAssignments/CAF-Connectivity-Default.json
{
"$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-assignment-schema.json", "nodeName": "/Connectivity/", "scope": { "tenant1": [ "/providers/Microsoft.Management/managementGroups/connectivity" ] }, "children": [ { "nodeName": "Networking", "assignment": { "name": "Enable-DDoS-VNET", "displayName": "Virtual networks should be protected by Azure DDoS Network Protection", "description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs." }, "definitionEntry": { "policyId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d", "displayName": "Enable DDOS" }, "parameters": { "effect": "Modify", "ddosPlan": "" }, "nonComplianceMessages": [ { "message": "Virtual networks must be protected by Azure DDoS Network Protection." } ] } ] } |