Temporary fix for Microsoft cloud security benchmark policy initiative
This release introduces a custom policy definition and policy initiative definition to work around a breaking change in the built-in equivalents that the Terraform alz provider cannot currently handle. The policy initiative and assignment have been suffixed with -Tp to differentiate them from the previous ones. You should expect to see the previous assignment being destroyed in your plan.
Once provider support has been added, this release will be reverted.
If you don't wish to leverage these custom policies, then you can remove them using an archetype override for the root archetype. The minimum settings required to remove them are:
base_archetype: root
name: root_custom
policy_assignments_to_add: []
policy_assignments_to_remove: [
  "Deploy-ASC-Monitoring-Tp"
]
policy_definitions_to_add: []
policy_definitions_to_remove: [
  "Audit-Kubernetes-ApprovedHostNetworkAndPorts"
]
policy_set_definitions_to_add: []
policy_set_definitions_to_remove: [
  "Deploy-ASC-Monitoring-Tp"
]
role_definitions_to_add: []
role_definitions_to_remove: []
What's Changed
- fix: asc monitoring temporary by @jaredfholgate in #240
Full Changelog: platform/alz/2025.09.0...platform/alz/2025.09.1