
Commit

bug: incorrect policy enforcement setting for defender plans (#61)
Update defender.md
jaredfholgate authored Feb 26, 2025
1 parent 33d6651 commit 1cc8147
Showing 1 changed file with 3 additions and 3 deletions.
Expand Up @@ -7,7 +7,7 @@ weight: 13
The Defender Plan policy is enabled by default. If you want to turn off individual Defender plans, you can follow these steps:

1. Update the `management_group_settings.policy_assignments_to_modify` section.
1. Find the `Deploy-MDFC-Config-H224` block setting and set the enforcement mode of the individual Defender plan line settings to `DoNotEnforce`. See the following example to turn off a subset the Defender plans:
1. Find the `Deploy-MDFC-Config-H224` block setting and set the enforcement mode of the individual Defender plan line settings to `Disabled`. See the following example to turn off a subset the Defender plans:

{{< hint type=warning >}}
If you have updated the `alz` management group ID, then you need to update the management group ID in this block setting to match. For example, replace `alz` with `contoso`.
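
Review bot: The rewritten step still says "set the enforcement mode ... to `Disabled`", but the values in the example that follows (`DeployIfNotExists`, `Disabled`) are policy effect values passed as parameters, not an enforcement mode, so the wording keeps the confusion that led to `DoNotEnforce` being documented here in the first place. Suggest "set the effect of the individual Defender plan parameters to `Disabled`". The same sentence is also missing a word: "turn off a subset the Defender plans" should read "a subset of the Defender plans".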
Expand All @@ -31,9 +31,9 @@ If you have updated the `alz` management group ID, then you need to update the m
enableAscForStorage = "DeployIfNotExists"
enableAscForContainers = "DeployIfNotExists"
enableAscForKeyVault = "DeployIfNotExists"
enableAscForSqlOnVm = "DoNotEnforce"
enableAscForSqlOnVm = "Disabled"
enableAscForArm = "DeployIfNotExists"
enableAscForOssDb = "DoNotEnforce"
enableAscForOssDb = "Disabled"
enableAscForCosmosDbs = "DeployIfNotExists"
enableAscForCspm = "DeployIfNotExists"
}
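
Review bot: Nothing marks the two `Disabled` lines (`enableAscForSqlOnVm`, `enableAscForOssDb`) as the plans being turned off, and they are easy to miss among the `DeployIfNotExists` values; a short trailing comment on each would make the example readable at a glance. Only lines 31 to 39 of the block are visible in this hunk, so confirm that no `DoNotEnforce` value remains in the parameters above this context.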
