Azure Policy built-ins

This page is an index of documentation for Azure Policy built-in policy definitions and initiatives, and Regulatory Compliance built-ins that are available in Azure portal.

Built-ins

Azure Policy built-in policies and initiatives and the name links to the documentation.

Name Description
Policies Azure Policy built-in definitions.
Initiatives Azure Policy built-in initiatives.

Regulatory Compliance

The following are the Regulatory Compliance built-ins in Azure. The name links to the documentation and you can use the ID to find the initiative in Azure Policy definitions in the portal.

Name ID
Australian Government ISM PROTECTED 27272c0b-c225-4cc3-b8b0-f2534b093077
Canada Federal PBMM 4c4a5f27-de81-430b-b4e5-9cbd50595a87
CIS Microsoft Azure Foundations Benchmark 1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d
CIS Microsoft Azure Foundations Benchmark 1.3.0 612b5213-9160-4969-8578-1518bd2a000c
CIS Microsoft Azure Foundations Benchmark 1.4.0 c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5
CIS Microsoft Azure Foundations Benchmark 2.0.0 06f19060-9e68-4070-92ca-f15cc126059e
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693
HIPAA HITRUST a169a624-5599-4385-a696-c8d643089fab
IRS 1075 September 2016 105e0327-6175-4eb2-9af4-1fba43bdb39d
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
Microsoft Cloud for Sovereignty Confidential 03de05a4-c324-4ccd-882f-a814ea8ab9ea
Microsoft Cloud for Sovereignty Global c1cbff38-87c0-4b9f-9f70-035c7a3b5523
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f
NIST SP 800-171 R2 03055927-78bd-4236-86c0-f36125a10dc9
NL BIO Cloud Theme 6ce73208-883e-490f-a2ac-44aac3b3687f
PCI DSS 3.2.1 496eeda9-8f2f-4d5e-8dfd-204f0a92ed41
PCI DSS 4.0 c676748e-3af9-4e22-bc28-50feed564afb
RBI ITF Banks v2016 d0d5578d-cc08-2b22-31e3-f525374f235a
RBI ITF NBFC v2017 7f89f09c-48c1-f28d-1bd5-84f3fb22f86c
RMIT Malaysia 97a6d4f1-3bed-4cf4-ac5b-0e444c0408d6
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c
System and Organization Controls (SOC) 2 4054785f-702b-4a98-9215-009cbd58b141
SWIFT CSP-CSCF v2021 abf84fac-f817-a70c-14b5-47eec767458a
SWIFT CSP-CSCF v2022 7bc7cd6c-4114-ff31-3cac-59be3157596d
UK OFFICIAL and UK NHS 3937f550-eedd-4639-9c5e-294358be442e

Regulatory Compliance Azure Government

The following are the Regulatory Compliance built-ins in Azure Government. The name links to the documentation and you can use the ID to find the initiative in Azure Policy definitions in the portal. The government initiatives use the same ID but might differ from Azure initiatives by which policy definitions are included. The initiative version numbers between Azure and Azure Government are also different.

Name ID
CIS Microsoft Azure Foundations Benchmark v1.1.0 1a5bb27d-173f-493e-9568-eb56638dde4d
CIS Microsoft Azure Foundations Benchmark v1.3.0 612b5213-9160-4969-8578-1518bd2a000c
CMMC Level 3 b5629c75-5c77-4422-87b9-2509e680f8de
FedRAMP High d5264498-16f4-418a-b659-fa7ef418175f
FedRAMP Moderate e95f5a9f-57ad-4d03-bb0b-b1d16db93693
IRS 1075 September 2016 105e0327-6175-4eb2-9af4-1fba43bdb39d
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2
Microsoft cloud security benchmark 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
NIST SP 800-53 Rev. 4 cf25b9c1-bd23-4eb6-bd2c-f4f3ac644a5f
NIST SP 800-53 Rev. 5 179d1daa-458f-4e47-8086-2a68d0d6c38f
NIST SP 800-171 R2 03055927-78bd-4236-86c0-f36125a10dc9
System and Organization Controls (SOC) 2 4054785f-702b-4a98-9215-009cbd58b141

Next steps