Scripts/CloudAdoptionFramework/policyAssignments/ALZ-Connectivity-Default.jsonc (34 lines of code) (raw):
{
// EPAC policy assignment file for the connectivity management group. It defines one
// assignment ("Enable-DDoS-VNET-Con") that applies the DDoS Network Protection policy
// for virtual networks with the "Modify" effect.
"$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/policy-assignment-schema.json",
"nodeName": "/Connectivity/",
"scope": {
// The key is the EPAC environment name; the array lists the scopes the assignment targets.
"tenant1": [ // Replace with your EPAC environment name and validate the management group listed below exists
"/providers/Microsoft.Management/managementGroups/connectivity"
]
},
// Parameters declared at this level; presumably inherited by the child nodes below
// (TODO confirm against EPAC's assignment-tree merge rules).
"parameters": {
// NOTE(review): the empty string is only a placeholder. With effect "Modify" the policy
// needs a real plan to attach, so set this before deploying. Presumably the full Azure
// resource ID of the DDoS protection plan is expected; verify against the policy definition.
"ddosPlan": "" // Replace with DDOS plan Id
},
"children": [
{
"nodeName": "Networking",
"assignment": {
// Name, display name and description of the resulting policy assignment.
"name": "Enable-DDoS-VNET-Con",
"displayName": "Virtual networks should be protected by Azure DDoS Network Protection",
"description": "Protect your virtual networks against volumetric and protocol attacks with Azure DDoS Network Protection. For more information, visit https://aka.ms/ddosprotectiondocs."
},
"definitionEntry": {
// The policy definition being assigned, referenced by its ID under
// /providers/Microsoft.Authorization/policyDefinitions.
"policyId": "/providers/Microsoft.Authorization/policyDefinitions/94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d",
"displayName": "Enable DDOS"
},
"parameters": {
// "Modify" changes virtual networks instead of only reporting on them.
// NOTE(review): Azure Policy Modify assignments act through a managed identity that needs
// write permission on the targeted virtual networks, and networks that already exist are
// only changed by a remediation task. Confirm the deployment covers both and that the
// identity's role is scoped no wider than required.
"effect": "Modify"
},
// Message text attached to the assignment for non-compliant resources.
"nonComplianceMessages": [
{
"message": "Virtual networks must be protected by Azure DDoS Network Protection."
}
]
}
]
}