From eaa8e3743cac27d5284c6e81a8e3968f4e3ae132 Mon Sep 17 00:00:00 2001
From: Marvin Buss
Date: Mon, 14 Dec 2020 10:51:16 +0100
Subject: [PATCH] added private dns zone and LA workspace policy
---
...ms.policyDefinition.Deny-LogAnalytics.json | 41 +++++++++++++++++++
...policyDefinition.Deny-PrivateDnsZones.json | 41 +++++++++++++++++++
2 files changed, 82 insertions(+)
create mode 100644 infra/Policies/DataPolicies/params.policyDefinition.Deny-LogAnalytics.json
create mode 100644 infra/Policies/DataPolicies/params.policyDefinition.Deny-PrivateDnsZones.json
diff --git a/infra/Policies/DataPolicies/params.policyDefinition.Deny-LogAnalytics.json b/infra/Policies/DataPolicies/params.policyDefinition.Deny-LogAnalytics.json
new file mode 100644
index 0000000..202f4a6
--- /dev/null
+++ b/infra/Policies/DataPolicies/params.policyDefinition.Deny-LogAnalytics.json
@@ -0,0 +1,41 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "policyName": {
+ "value": "Deny-LogAnalytics"
+ },
+ "policyDescription": {
+ "value": "Restrict deployment of log analytics workspace."
+ },
+ "policyMode": {
+ "value": "All"
+ },
+ "policyParameters": {
+ "value": {}
+ },
+ "policyDefinition": {
+ "value": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.OperationalInsights/workspaces"
+ }
+ ]
+ },
+ "then": {
+ "effect": "Deny"
+ }
+ }
+ },
+ "policyMetadata": {
+ "value": {
+ "version": "1.0.0",
+ "category": "Log Analytics",
+ "preview": false,
+ "deprecated": false
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/infra/Policies/DataPolicies/params.policyDefinition.Deny-PrivateDnsZones.json b/infra/Policies/DataPolicies/params.policyDefinition.Deny-PrivateDnsZones.json
new file mode 100644
index 0000000..ffedf13
--- /dev/null
+++ b/infra/Policies/DataPolicies/params.policyDefinition.Deny-PrivateDnsZones.json
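Review bot: In Deny-LogAnalytics.json the `then` block hard-codes `"effect": "Deny"` while `policyParameters` is `{}`, so the definition cannot be assigned in audit mode first or switched off per scope without editing the definition itself; the Deny-PrivateDnsZones hunk has the same shape. Deny is evaluated on create and update requests, so depending on the assignment scope (not visible in this patch) it may also reject changes to workspaces that already exist there. Consider declaring an `effect` policy parameter with allowed values `Audit`, `Deny`, `Disabled` and referencing it as `"effect": "[parameters('effect')]"`, checking whether the deploying template needs the expression escaped. It would also help to extend `policyDescription` with the reason for the restriction and where logs are expected to be sent instead.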
@@ -0,0 +1,41 @@
+{
+ "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
+ "contentVersion": "1.0.0.0",
+ "parameters": {
+ "policyName": {
+ "value": "Deny-PrivateDnsZones"
+ },
+ "policyDescription": {
+ "value": "Restrict deployment of private dns zones."
+ },
+ "policyMode": {
+ "value": "All"
+ },
+ "policyParameters": {
+ "value": {}
+ },
+ "policyDefinition": {
+ "value": {
+ "if": {
+ "allOf": [
+ {
+ "field": "type",
+ "equals": "Microsoft.Network/privateDnsZones"
+ }
+ ]
+ },
+ "then": {
+ "effect": "Deny"
+ }
+ }
+ },
+ "policyMetadata": {
+ "value": {
+ "version": "1.0.0",
+ "category": "Private DNS Zones",
+ "preview": false,
+ "deprecated": false
+ }
+ }
+ }
+}
\ No newline at end of file
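Review bot: The `if` condition matches only the exact type `Microsoft.Network/privateDnsZones`, so child types such as `Microsoft.Network/privateDnsZones/virtualNetworkLinks` and the record-set types are not covered by this rule. New zones are blocked, but a zone that already exists in the assigned scope can presumably still be linked to further virtual networks and have records added, which may undercut the goal of keeping private name resolution centrally managed. If that matters, match the child types as well, for example with `"field": "type", "like": "Microsoft.Network/privateDnsZones/*"` in an `anyOf` next to the existing condition, or state in `policyDescription` that pre-existing zones are out of scope. The single-element `allOf` wrapper can be dropped if no further conditions are planned.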