v1.33.0
What's changed since v1.32.1:
- New features:
- Exporting policy as rules also generates a baseline by @BernieWhite.
#2482- A baseline is automatically generated that includes for all rules exported.
If a policy rule has been replaced by a built-in rule, the baseline will include the built-in rule instead. - The baseline is named
<Prefix>.PolicyBaseline.All. i.e.Azure.PolicyBaseline.Allby default. - For details see Policy as rules.
- A baseline is automatically generated that includes for all rules exported.
- Exporting policy as rules also generates a baseline by @BernieWhite.
- New rules:
- Databricks:
- Check that Databricks workspaces use a non-trial SKU by @batemansogq.
#2646 - Check that Databricks workspaces require use of private endpoints by @batemansogq.
#2646
- Check that Databricks workspaces use a non-trial SKU by @batemansogq.
- Dev Box:
- Check that projects limit the number of Dev Boxes per user by @BernieWhite.
#2654
- Check that projects limit the number of Dev Boxes per user by @BernieWhite.
- Databricks:
- Updated rules:
- Application Gateway:
- Updated
Azure.AppGwWAF.RuleGroupsto use the rule sets by @BenjaminEngeset.
#2629- The latest Bot Manager rule set is now
1.0. - The latest OWASP rule set is now
3.2.
- The latest Bot Manager rule set is now
- Updated
- Cognitive Services:
- Relaxed
Azure.Cognitive.ManagedIdentityto configurations that require managed identities by @BernieWhite.
#2559
- Relaxed
- Virtual Machine:
- Checks for Azure Hybrid Benefit
Azure.VM.UseHybridUseBenefitare not enabled by default by @BernieWhite.
#2493- To enable, set the
AZURE_VM_USE_HYBRID_USE_BENEFIToption totrue.
- To enable, set the
- Checks for Azure Hybrid Benefit
- Virtual Network:
- Added option for excluding subnets to
Azure.VNET.UseNSGsby @BernieWhite.
#2572- To add a subnet exclusion, set the
AZURE_VNET_SUBNET_EXCLUDED_FROM_NSGoption.
- To add a subnet exclusion, set the
- Added option for excluding subnets to
- Application Gateway:
- General improvements:
- Rules that are ignored during exporting policy as rules are now generate a verbose logs by @BernieWhite.
#2482- This is to improve transparency of why rules are not exported.
- To see details on why a rule is ignored, enable verbose logging with
-Verbose.
- Policies that duplicate built-in rules can now be exported by using the
-KeepDuplicatesparameter by @BernieWhite.
#2482- For details see Policy as rules.
- Quality updates to rules and documentation by @BernieWhite.
#1772
#2570
- Rules that are ignored during exporting policy as rules are now generate a verbose logs by @BernieWhite.
- Engineering:
- Bug fixes:
- Fixed
dateTimeAddmay fail with different localization by @BernieWhite.
#2631 - Fixed inconclusive result reported for
Azure.ACR.Usageby @BernieWhite.
#2494 - Fixed export of Front Door resource data is incomplete by @BernieWhite.
#2668 - Fixed
Azure.Template.TemplateFileto support withlanguageVersion2.0 template properties by @MrRoundRobin.
#2660 - Fixed
Azure.VM.DiskSizeAlignmentdoes not handle smaller sizes and ultra disks by @BernieWhite.
#2656
- Fixed
What's changed since pre-release v1.33.0-B0169:
- No additional changes.
See change log.
Contributors
MrRoundRobin, BernieWhite, and 2 other contributors