udpate category and add cognitive service policy

Author: taoyangcloud

policyDefinitions/azure-sql/pol-audit-deny-sql-server-aad-auth.json

@@ -4,7 +4,7 @@
     "displayName": "Azure SQL Database should have Azure Active Directory Only Authentication enabled",
     "description": "Disabling local authentication methods and allowing only Azure Active Directory Authentication improves security by ensuring that Azure SQL Databases can exclusively be accessed by Azure Active Directory identities. Learn more at: aka.ms/adonlycreate.",
     "metadata": {
-      "category": "Network Security",
+      "category": "Azure SQL",
       "version": "1.0.0",
       "preview": false,
       "deprecated": false,

policyDefinitions/azure-sql/pol-audit-deny-sql-server-public-endpoint.json

@@ -4,7 +4,7 @@
     "displayName": "Public network access on Azure SQL Database should be disabled",
     "description": "Disabling the public network access property improves security by ensuring your Azure SQL Database can only be accessed from a private endpoint. This configuration denies all logins that match IP or virtual network based firewall rules.",
     "metadata": {
-      "category": "Network Security",
+      "category": "Azure SQL",
       "version": "1.1.0",
       "preview": false,
       "deprecated": false,

policyDefinitions/azure-sql/pol-audit-deny-sql-server-tls-version.json

@@ -4,7 +4,7 @@
     "displayName": "Azure SQL Database should be running TLS version 1.2 or newer",
     "description": "Setting TLS version to 1.2 or newer improves security by ensuring your Azure SQL Database can only be accessed from clients using TLS 1.2 or newer. Using versions of TLS less than 1.2 is not recommended since they have well documented security vulnerabilities.",
     "metadata": {
-      "category": "Application and Database security",
+      "category": "Azure SQL",
       "version": "2.0.0",
       "preview": false,
       "deprecated": false,

policyDefinitions/azure-sql/pol-audit-sql-advanced-data-security.json

@@ -4,7 +4,7 @@
     "displayName": "Azure Defender for SQL should be enabled for unprotected Azure SQL servers",
     "description": "Audit SQL servers without Advanced Data Security",
     "metadata": {
-      "category": "Application and Database security",
+      "category": "Azure SQL",
       "version": "2.0.1",
       "preview": false,
       "deprecated": false,

policyDefinitions/azure-sql/pol-audit-sql-server-private-endpoint.json

@@ -4,7 +4,7 @@
     "displayName": "Private endpoint connections on Azure SQL Database should be enabled",
     "description": "Private endpoint connections enforce secure communication by enabling private connectivity to Azure SQL Database.",
     "metadata": {
-      "category": "Network security",
+      "category": "Azure SQL",
       "version": "1.1.0",
       "preview": false,
       "deprecated": false,

policyDefinitions/azure-sql/pol-audit-sql-vuln-assessment.json

@@ -4,7 +4,7 @@
     "displayName": "Vulnerability assessment should be enabled on your SQL servers",
     "description": "Audit Azure SQL servers which do not have recurring vulnerability assessment scans enabled. Vulnerability assessment can discover, track, and help you remediate potential database vulnerabilities.",
     "metadata": {
-      "category": "Application and Database security",
+      "category": "Azure SQL",
       "version": "2.0.0",
       "preview": false,
       "deprecated": false,

policyDefinitions/azure-sql/pol-deploy-sql-database-auditing-settings.json

@@ -4,7 +4,7 @@
     "displayName": "Deploy SQL database auditing settings",
     "description": "Deploy auditing settings to SQL Database when it not exist in the deployment.",
     "metadata": {
-      "category": "Application and Database security",
+      "category": "Azure SQL",
       "version": "1.0.0",
       "preview": false,
       "deprecated": false

policyDefinitions/azure-sql/pol-deploy-sql-tde.json

@@ -4,7 +4,7 @@
     "displayName": "Deploy SQL Database Transparent Data Encryption",
     "description": "Deploy the Transparent Data Encryption when it is not enabled in the deployment.",
     "metadata": {
-      "category": "Application and Database security",
+      "category": "Azure SQL",
       "version": "2.1.0",
       "preview": false,
       "deprecated": false,

policyDefinitions/cognitive-service/pol-restrict-cog-local-auth.json

@@ -0,0 +1,46 @@
+{
+  "name": "pol-restrict-cog-local-auth",
+  "properties": {
+    "displayName": "Cognitive Services accounts should have local authentication methods disabled",
+    "description": "Disable local authentication methods so that your Cognitive Services accounts require Azure Active Directory identities exclusively for authentication. Learn more at: https://aka.ms/cs/auth.",
+    "metadata": {
+      "category": "Cognitive Services",
+      "version": "1.0.0",
+      "preview": false,
+      "deprecated": false
+    },
+    "mode": "Indexed",
+    "parameters": {
+      "effect": {
+        "type": "String",
+        "metadata": {
+          "displayName": "Effect",
+          "description": "Enable or disable the execution of the policy"
+        },
+        "allowedValues": [
+          "Audit",
+          "Deny",
+          "Disabled"
+        ],
+        "defaultValue": "Deny"
+      }
+    },
+    "policyRule": {
+      "if": {
+        "allOf": [
+          {
+            "field": "type",
+            "equals": "Microsoft.CognitiveServices/accounts"
+          },
+          {
+            "field": "Microsoft.CognitiveServices/accounts/disableLocalAuth",
+            "notEquals": true
+          }
+        ]
+      },
+      "then": {
+        "effect": "[parameters('effect')]"
+      }
+    }
+  }
+}

policyDefinitions/container-registry/pol-audit-acr-disable-public-network-access.json

@@ -4,7 +4,7 @@
     "displayName": "Public network access should be disabled for Container registries",
     "description": "Disabling public network access improves security by ensuring that container registries are not exposed on the public internet. Creating private endpoints can limit exposure of container registry resources.",
     "metadata": {
-      "category": "Network Security",
+      "category": "Container Registry",
       "version": "1.0.0",
       "preview": false,
       "deprecated": true,